DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims 1 – 20 are currently pending.
The abstract submitted on 09/25/2019 is accepted.
The oath submitted on 09/25/2019 is accepted.
The drawings submitted on 09/25/2019 are accepted.
No foreign priority has been claimed.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1 – 4, 6, 8, 11, 12, 13, 15, 17, 18, 19, are rejected under 35 U.S.C. 103 as being unpatentable over Welcker et al. (US 11106540 B1) in view of Osborne et al. (US 20150172317 A1).

Regarding claim 1, Welcker et al. discloses a method (Welcker et al., FIG. 6; [col 3, ln 1 -2] a proxy server modifies the operation of a database system by acting as an intermediary between a database client and a database server), comprising: 
receiving, by one or more network devices of an application service layer network (Welcker et al., FIG. 1; database server 108), a service request for a latency certification service (Welcker et al., [col 3, ln 2 - 5] a request is sent by the database client to the proxy server, and the proxy server applies one or more rules to the request; [col 10, ln 4 - 9] a client computer system generating a request to be submitted to the database server by the proxy server); 
instantiating, by the one or more network devices and in response to the service request, a Transmission Control Protocol (TCP) proxy (Welcker et al., FIG. 1; proxy server 102; [col 3, ln 13 - 18] a database client that is configured to communicate with the database server is redirected to communicate with the proxy server, and the proxy server provides an interface to the database client that is compatible with the database client while modifying the operation of the database server) for a data session between an application server device and a user equipment (UE) device (Welcker et al., FIG. 1, client computer system 104; [col 5, ln 55 - 61] the logical connection between the proxy server and the database server is a transmission control protocol ("TCP") connection); 
obtaining, by the TCP proxy, a digital certificate (Welcker et al.,[col 5, ln 55 - 61] the client identity field holds information that is capable of verifying the identity of the client such as a digital signature, a cryptographic key, or digital certificate; [col 10, ln 19 - 25] the credential information may include a digital signature generated using a cryptographic key associated with the client computer system); 
receiving, by the TCP proxy, a data packet from the UE device (Welcker et al.,[col 13, ln 37 - 40] the proxy server receives the web request from the client computer system and generates a set of SQL commands that, when executed by a database server, fulfill the request). 
Welcker et al. does not expressly disclose applying, by the TCP proxy, a certified timestamp to the data packet to form a certified timestamped data packet; and forwarding, by the TCP proxy, the certified timestamped data packet to the application server device.
Osborne et al., for example, from an analogous field of endeavor (Osborne et al., [0012] timestamp systems and methods may issue high-assurance timestamps and may be integrated into standalone cryptographic service providers (CSPs), such as hardware security modules (HSMs)) discloses applying, by the TCP proxy, a certified timestamp to the data packet to form a certified timestamped data packet (Osborne et al., [0028] timestamps may be generated securely while delegating much of timestamp construction to an untrusted TSA); and forwarding, by the TCP proxy, the certified timestamped data packet to the application server device (Osborne et al., [0030] the TSA may provide to the CSP a timestamp data structure corresponding to a timestamp request not rejected by the TSA).
Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine applying, by the TCP proxy, a certified timestamp to the data packet to form a certified timestamped data packet; and forwarding, by the TCP proxy, the certified timestamped data packet to the application server device as taught by Osborne et al. with the system of Welcker et al.  in order to allow for a more optimized level of secure timestamp (Osborne et al., [0030]).

Regarding claims 2, 12, Welcker et al. - Osborne et al. discloses applying the certified timestamp includes: inserting the certified timestamp within an options field of a TCP header for the data packet (Osborne et al., [0032] a CSP-wide Boolean attribute may be added and used to restrict a CSP object to signing timestamp requests, with such keys rejecting any other kind of input data).  The motivation is the same as in claim 1.

Regarding claim 3, Welcker et al. - Osborne et al. discloses applying the certified timestamp includes one or more of: inserting the certified timestamp within a shim header for the data packet (Welcker et al., [col 14, ln 12 - 18] the request header includes authentication credentials for the request); or 
wrapping the data packet in another header that includes the certified timestamp (Osborne et al., [0032] the Boolean value, which can have either a true value or a false value at a given time for the corresponding request, indicates to the CSP whether the request is to be signed).  The motivation is the same as in claim 1.

Regarding claims 4, 13, Welcker et al. - Osborne et al. discloses applying the certified timestamp includes: 
generating a signature based on the digital certificate (Welcker et al., [col 10, ln 16 - 21] the credential information may include a digital signature generated using a cryptographic key associated with the client computer system); 
obtaining a time value from a master timing source in the application service layer network (Welcker et al., [col 16, ln 63 - 67] the body includes a timestamp and a digital signature where the timestamp identifies when the request was generated, and the digital signature is a credential that the proxy server uses to authorize the request); and 
adding the signature and the time value to the data packet (Osborne et al., [0027] depending on the timestamp request metadata and the TSA implementation, the resulting signed timestamp in response to the user application may either include all metadata necessary for standalone verification).  The motivation is the same as in claim 1.

Regarding claims 6, 15, Welcker et al. - Osborne et al. discloses the TCP proxy includes an instance of a virtual machine executing on the one or more network devices (Welcker et al., [col 5, ln 5 - 9] the proxy server may be a computer system, server cluster, or virtual computer system capable of hosting a database proxy service).

Regarding claims 8, 17, Welcker et al. - Osborne et al. discloses providing, to the application server device, a network address for the TCP proxy (Welcker et al., [col 5, ln 5 - 9] for each database server used by the database proxy service, the database proxy service may record information that includes a network address for the database server).

Regarding claim 11, Welcker et al. discloses a network device in an application service layer network (Welcker et al., FIG. 2, proxy server; [col 3, ln 1 -2] a proxy server modifies the operation of a database system by acting as an intermediary between a database client and a database server), the network device comprising: a communications interface (Welcker et al., FIG. 2; network interface 206); a memory to store instructions (Welcker et al., FIG. 2; database 214); and one or more processors (Welcker et al., FIG. 2; processor 208), wherein the one or more processors execute the instructions to: 
receive a service request for a latency certification service (Welcker et al., [col 3, ln 2 - 5] a request is sent by the database client to the proxy server, and the proxy server applies one or more rules to the request; [col 10, ln 4 - 9] a client computer system generating a request to be submitted to the database server by the proxy server); 
instantiate, in response to the service request, a Transmission Control Protocol (TCP) proxy (Welcker et al., FIG. 1; proxy server 102; [col 3, ln 13 - 18] a database client that is configured to communicate with the database server is redirected to communicate with the proxy server, and the proxy server provides an interface to the database client that is compatible with the database client while modifying the operation of the database server) for a data session between an application server device and a user equipment (UE) device (Welcker et al., FIG. 1, client computer system 104; [col 5, ln 55 - 61] the logical connection between the proxy server and the database server is a transmission control protocol ("TCP") connection); 
obtain a digital certificate for the TCP proxy (Welcker et al.,[col 5, ln 55 - 61] the client identity field holds information that is capable of verifying the identity of the client such as a digital signature, a cryptographic key, or digital certificate; [col 10, ln 19 - 25] the credential information may include a digital signature generated using a cryptographic key associated with the client computer system); 
receive, at the TCP proxy, a data packet from the UE device (Welcker et al.,[col 13, ln 37 - 40] the proxy server receives the web request from the client computer system and generates a set of SQL commands that, when executed by a database server, fulfill the request). 
Welcker et al. does not expressly disclose apply, by the TCP proxy, a certified timestamp to the data packet to form a certified timestamped data packet; and forward, by the TCP proxy, the certified timestamped data packet to the application server device.
Osborne et al., for example, from an analogous field of endeavor (Osborne et al., [0012] timestamp systems and methods may issue high-assurance timestamps and may be integrated into standalone cryptographic service providers (CSPs), such as hardware security modules (HSMs)) discloses apply, by the TCP proxy, a certified timestamp to the data packet to form a certified timestamped data packet (Osborne et al., [0028] timestamps may be generated securely while delegating much of timestamp construction to an untrusted TSA); and forward, by the TCP proxy, the certified timestamped data packet to the application server device (Osborne et al., [0030] the TSA may provide to the CSP a timestamp data structure corresponding to a timestamp request not rejected by the TSA).
Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine apply, by the TCP proxy, a certified timestamp to the data packet to form a certified timestamped data packet; and forward, by the TCP proxy, the certified timestamped data packet to the application server device as taught by Osborne et al. with the system of Welcker et al.  in order to allow for a more optimized level of secure timestamp (Osborne et al., [0030]).

Regarding claim 18, Welcker et al. discloses a non-transitory computer-readable storage medium storing instructions (Welcker et al., FIG. 2; database 214) executable by a processor of a device (Welcker et al., FIG. 2; processor 208), which when executed cause the device to: 
receive a service request for a latency certification service (Welcker et al., [col 3, ln 2 - 5] a request is sent by the database client to the proxy server, and the proxy server applies one or more rules to the request; [col 10, ln 4 - 9] a client computer system generating a request to be submitted to the database server by the proxy server); 
instantiate, in response to the service request, a Transmission Control Protocol (TCP) proxy (Welcker et al., FIG. 1; proxy server 102; [col 3, ln 13 - 18] a database client that is configured to communicate with the database server is redirected to communicate with the proxy server, and the proxy server provides an interface to the database client that is compatible with the database client while modifying the operation of the database server) for a data session between an application server device and a user equipment (UE) device (Welcker et al., FIG. 1, client computer system 104; [col 5, ln 55 - 61] the logical connection between the proxy server and the database server is a transmission control protocol ("TCP") connection); 
obtain a digital certificate for the TCP proxy (Welcker et al.,[col 5, ln 55 - 61] the client identity field holds information that is capable of verifying the identity of the client such as a digital signature, a cryptographic key, or digital certificate; [col 10, ln 19 - 25] the credential information may include a digital signature generated using a cryptographic key associated with the client computer system); 
receive, at the TCP proxy, a data packet from the UE device(Welcker et al.,[col 13, ln 37 - 40] the proxy server receives the web request from the client computer system and generates a set of SQL commands that, when executed by a database server, fulfill the request). 
Welcker et al. does not expressly disclose apply, by the TCP proxy, a certified timestamp to the data packet to form a certified timestamped data packet; and forward, by the TCP proxy, the certified timestamped data packet to the application server device.
Osborne et al., for example, from an analogous field of endeavor (Osborne et al., [0012] timestamp systems and methods may issue high-assurance timestamps and may be integrated into standalone cryptographic service providers (CSPs), such as hardware security modules (HSMs)) discloses apply, by the TCP proxy, a certified timestamp to the data packet to form a certified timestamped data packet (Osborne et al., [0028] timestamps may be generated securely while delegating much of timestamp construction to an untrusted TSA); and forward, by the TCP proxy, the certified timestamped data packet to the application server device (Osborne et al., [0030] the TSA may provide to the CSP a timestamp data structure corresponding to a timestamp request not rejected by the TSA).
Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine apply, by the TCP proxy, a certified timestamp to the data packet to form a certified timestamped data packet; and forward, by the TCP proxy, the certified timestamped data packet to the application server device as taught by Osborne et al. with the system of Welcker et al.  in order to allow for a more optimized level of secure timestamp (Osborne et al., [0030]).

Regarding claim 19, Welcker et al. - Osborne et al. discloses insert the certified timestamp within an options field of a TCP header for the data packet (Osborne et al., [0032] a CSP-wide Boolean attribute may be added and used to restrict a CSP object to signing timestamp requests, with such keys rejecting any other kind of input data); 
insert the certified timestamp within a shim header for the data packet (Welcker et al., [col 14, ln 12 - 18] the request header includes authentication credentials for the request); or 
wrap the data packet in another header that includes the certified timestamp (Osborne et al., [0032] the Boolean value, which can have either a true value or a false value at a given time for the corresponding request, indicates to the CSP whether the request is to be signed).  The motivation is the same as in claim 18.

Claims 5, 10, 14 are rejected under 35 U.S.C. 103 as being unpatentable over Welcker et al. and Osborne et al., as applied to claim 1 above, and further in view of Zhang et al. (US 20200351900 A1).

Regarding claim 5, Welcker et al. and Osborne et al. do not expressly disclose the master timing source is accurate within about 100 nanoseconds.
Zhang et al., for example, from an analogous field of endeavor (Zhang et al., [0027] resource allocation among edge computing nodes may take into consideration the unique conditions applicable in 5G edge computing, including the availability of multiple wireless access points and an assured delay constraint between a user and the edge nodes) discloses the master timing source is accurate within about 100 nanoseconds (Zhang et al., [0045] a 5G service may be designed to support very restricted delay constraints for certain applications, e.g., a delay of a few milliseconds, or a delay specified in nanoseconds).
Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine the master timing source is accurate within about 100 nanoseconds as taught by Zhang et al. with the combined system of Welcker et al. and Osborne et al. in order to support 5G services (Zhang et al., [0045]).

Regarding claim 10, Welcker et al. and Osborne et al. do not expressly disclose the one or more network devices are included within one of: an edge hub for a radio access network; or a multi-access edge computing (MEC) network.
Zhang et al., for example, from an analogous field of endeavor (Zhang et al., [0027] resource allocation among edge computing nodes may take into consideration the unique conditions applicable in 5G edge computing, including the availability of multiple wireless access points and an assured delay constraint between a user and the edge nodes) discloses the one or more network devices are included within one of: an edge hub for a radio access network; or a multi-access edge computing (MEC) network (Zhang et al., [0045] edge computing technology may enable support for delay-critical applications and for mobile edge computing as well as for fog computing).
Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine the one or more network devices are included within one of: an edge hub for a radio access network; or a multi-access edge computing (MEC) network as taught by Zhang et al. with the combined system of Welcker et al. and Osborne et al. in order to support 5G services (Zhang et al., [0047]).

Regarding claim 14, Welcker et al. and Osborne et al. do not expressly disclose obtain a time value from a master timing source in the application service layer network.
Zhang et al., for example, from an analogous field of endeavor (Zhang et al., [0027] resource allocation among edge computing nodes may take into consideration the unique conditions applicable in 5G edge computing, including the availability of multiple wireless access points and an assured delay constraint between a user and the edge nodes) discloses obtain a time value from a master timing source in the application service layer network (Zhang et al., [0045] a 5G service may be designed to support very restricted delay constraints for certain applications, e.g., a delay of a few milliseconds, or a delay specified in nanoseconds).
Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine obtain a time value from a master timing source in the application service layer network as taught by Zhang et al. with the combined system of Welcker et al. and Osborne et al. in order to support 5G services (Zhang et al., [0045]).


Claims 7, 16, are rejected under 35 U.S.C. 103 as being unpatentable over Welcker et al. and Osborne et al., as applied to claim 1 above, and further in view of Noy et al. (US 20130058212 A1).
Regarding claim 7, 16, Welcker et al. - Osborne et al. do not expressly disclose applying the certified timestamp further includes: determining, by the one or more network devices, an estimated air transit time between the UE device and the one or more network devices, and adding the estimated air transit time to the certified timestamp.
Noy et al., for example, from an analogous field of endeavor (Noy et al., [0017] a TCP Proxy apparatus for a wireless network section to a TCP-enabled network includes a latency aware unit for monitoring round trip time) discloses determining, by the one or more network devices, an estimated air transit time between the UE device and the one or more network devices (Noy et al., [0067] a latency aware unit for monitoring round trip time over the wireless network section to determine latency within the wireless section), and adding the estimated air transit time to the certified timestamp (Noy et al., [0068] the filter is configured to output a value being a lowest of a plurality of latency measurements over a preset time frame).
Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine determining, by the one or more network devices, an estimated air transit time between the UE device and the one or more network devices, and adding the estimated air transit time to the certified timestamp as taught by Noy et al. with the combined system of Welcker et al. and Osborne et al. in order to calculate a rate as a function of the filter output (Noy et al., [0075]).

Claims 9, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Welcker et al. and Osborne et al., as applied to claim 1 above, and further in view of Neale et al. (US 20030123481 A1).
Regarding claim 9, Welcker et al. - Osborne et al. do not expressly disclose determining, by the one or more network devices, that the data session between the application server device and the UE device has ended; and tearing down the TCP proxy based on the determining.
Neale et al., for example, from an analogous field of endeavor (Neale et al., [0129] connection tear-down is facilitated by the PEPs involved by the PEPs communicating TCP/FP reset packets to themselves and the end points to ensure the return to a known state without unnecessary delay) discloses determining, by the one or more network devices, that the data session between the application server device and the UE device has ended; and tearing down the TCP proxy based on the determining (Neale et al., [0180] ICMP messages may trigger an end to end tear-down before connection setup, or a retransmission attempt after connection establishment).
Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine determining, by the one or more network devices, that the data session between the application server device and the UE device has ended; and tearing down the TCP proxy based on the determining as taught by Neale et al. with the combined system of Welcker et al. and Osborne et al. in order to set up, tear down and manage the tunnel (Neale et al., [0180]).

Regarding claim 20, Welcker et al. - Osborne et al. discloses provide, to the application server device, a network address for the TCP proxy (Welcker et al., [col 5, ln 5 - 9] for each database server used by the database proxy service, the database proxy service may record information that includes a network address for the database server); 
Welcker et al. - Osborne et al. do not expressly disclose determine that the data session between the application server device and the UE device has ended; and tear down the TCP proxy based on determining that the data session between the application server device and the UE device has ended.
Neale et al., for example, from an analogous field of endeavor (Neale et al., [0129] connection tear-down is facilitated by the PEPs involved by the PEPs communicating TCP/FP reset packets to themselves and the end points to ensure the return to a known state without unnecessary delay) discloses determining, by the one or more network devices, that the data session between the application server device and the UE device has ended; and tearing down the TCP proxy based on the determining (Neale et al., [0180] ICMP messages may trigger an end to end tear-down before connection setup, or a retransmission attempt after connection establishment).
Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine determining, by the one or more network devices, that the data session between the application server device and the UE device has ended; and tearing down the TCP proxy based on the determining as taught by Neale et al. with the combined system of Welcker et al. and Osborne et al. in order to set up, tear down and manage the tunnel (Neale et al., [0180]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Gao et al. (US 20200322233 A1) is cited to show receiving a request from a client device for a deployment of a client service to a mobile edge infrastructure of a telecommunication network, the mobile edge infrastructure including host devices, and determine at least one requirement for the client service, including at least one of: a distance requirement, comprising a maximum distance between the client device and a candidate host device for deploying the service, or a latency requirement, comprising a maximum latency between the client device and the candidate host device for deploying the service, which is similar to aspects of the claimed invention.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIONEL PREVAL whose telephone number is (571)270-5673.  The examiner can normally be reached on Monday-Thursday 10-4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NOEL BEHARRY can be reached on 5712705630.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/L.P./Examiner, Art Unit 2416 



/AJIT PATEL/Primary Examiner, Art Unit 2416