DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The following is a Final Office action in response to communications received on 10/29/2021. 

Response to Amendment
Claims 10 and 15 have been cancelled. Claims 16-18 have been newly added. Claims 1-9, 11-14 and 16-18 have been examined. 
Claims 1, 3, 5, 8, 11, 13, 14 have been amended. 
Examiner’s objection of claim 5 is withdrawn in light of the applicant’s amendments to the claim. 
Applicant's arguments filed with respect to claims 11-13 regarding the rejection under 35 U.S.C 101 have been fully considered but they are not persuasive. As per the applicant’s arguments that the specification of the instant application teaches that the alternate mode controller and secure mode controllers are only implemented using hardware, the examiner respectfully disagrees. The applicant cited paragraph [0023] states that the secure mode controller 124 and the alternate mode controller 128 may be implemented by hardware. The paragraph also states that the secure mode controller 124 and the alternate mode controller 128 maybe implemented by software or firmware. Similarly, the applicant cited paragraph [0024] states that the secure mode controller 140 and the alternated mode controller 144 may be implemented by hardware. The paragraph also states that the secure mode controller 140 and the alternate mode controller 144 maybe implemented by software or firmware., i.e., specification does not explicitly and clearly recite the secure mode controllers 124, 140 and the alternate mode controllers 128, 144 are only implemented in hardware. Based on the language recited in the specification, it is within the scope of one of ordinary skill in the art to construe the secure mode controllers 124, 140 and the alternate mode controllers 128, 144 to be implemented by software only. 
Applicant’s arguments with respect to claims 1, 11 and 14 regarding the new limitations: “in response to the device being authenticated, exposing to the device a second secure alternate mode, the second secure alternate mode including a non-secure alternate mode”, have been considered but are moot in view of the new ground of rejection presented in the current rejection. As per the applicant’s arguments that prior arts of record fail to teach these limitations, the examiner respectfully disagrees. Kroselberg teaches: [0088] The authentication phase according to FIG. 2A is identical to the authentication of the mobile communication terminal 101 and of the mobile radio network computer 102 in the communication system 200 carried out according to the first exemplary embodiment. [0089] According to FIG. 2B, a negotiation of a security association is initiated in a registration message 201 by the mobile communication terminal 101, with a list 202 of possible security associations already being included in the registration message 201 according to this exemplary embodiment. [0090] According to this exemplary embodiment, two possible security associations are proposed in the list 202 with possible security associations: [0091] first possible security association: [0092] integrity algorithm SHA-1. [0095] second possible security association: [0096] integrity algorithm MD5. [0099] According to this exemplary embodiment, the security associations are coded according to the format as specified in IETF RFC 2409. The coded security associations are transmitted in the SIP messages, transparently in each case as their user data. [0100] This clearly means for the second exemplary embodiment that the possible security associations are now proposed by the mobile communication terminal 101, i.e., after authentication, the mobile communication terminal exposes security associations (second secure alternate modes) supported by the mobile communication terminal to the mobile radio network computer 102.  And, Adachi teaches: column 5, line 62-column 6, line 8: That is, the following assumptions are made: "enc.0" corresponds to (1) "no WEP" (non-secure alternate mode). "enc.1" corresponds to (2) "WEP present and 64-bit WEP used". "enc.2" corresponds to (3) "WEP present and 128-bit WEP used". Column 10, lines 26-41: The terminal WL13 receives a beacon frame specified in the IEEE802.11 and transmitted from the access point AP1. According to the specification of the IEEE802.11, the beacon frame is received and then an authentication and association procedures are followed. The security levels of the terminal WL13 are written in the authentication or association frame as information communicated to the access point AP1. FIG. 7 shows by way of example a procedure used if the access point AP1 is notified of the security level of the terminal WL13 using an authentication frame. It is assumed that, in this procedure, the security levels of the terminal WL13 are "enc.0" and "enc.1". Column 16, lines 1-15: The access point AP1 sets the selected one security level to be used for communication with the terminal WL13. If, for example, the terminal WL13 notifies the access point of the security levels "enc.0" and "enc.1", then it is permitted to be connected to the access point AP1, i.e., the terminal WL13 exposes security levels "enc.0" and "enc.1" (second secure alternate mode including a non-secure alternate mode) that are supported by the terminal to access point AP1. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 11-13 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter. Claim 11 is directed to an apparatus comprising an alternate mode controller and a secure mode controller. The specification of the instant application does not explicitly recite that the controllers are implemented using only hardware. Therefore, it is within the scope of one of ordinary skill in the art to construe the alternate mode controller and the secure mode controller to be implemented using only software. Therefore, claim 11 is directed to an apparatus comprising of only software elements which is non-statutory. Similarly, claim 12 and 13 are also non-statutory.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, 11 and 14 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claims 1, 11 and 14 recite: “the second secure alternate mode including a non-secure alternate mode”. The examiner has not found support in the specification for this limitation. The published specification of the instant application recites: [0026] After successful authentication, the example interaction 200 begins a second alternate mode negotiation session 209 in which the example alternate mode controller 128 obtains a new second list of (non-) secure alternate modes from the example secure mode controller 126 (line 210). [0031] If the other device is authenticated (block 310), the example alternate mode controller 128, in a second alternate mode negotiation session 209 (FIG. 2), obtains another list of available (non-) secure alternate modes from the example secure mode controller 124 that are available after authentication (block 312). The alternate mode controller 128 publishes the new second list of available (non-) secure alternate modes (block 314), i.e., the specification recites that after authentication, secure and/or non-secure alternate modes are published, i.e., the specification supports publishing second secure alternate modes and non-secure alternate modes but the examiner did not find support in the specification for the second secure alternate mode including a non-secure alternate mode. 

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 11 and 14 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Claims 1, 11 and 14 recite: “the second secure alternate mode including a non-secure alternate mode”. The terms secure and non-secure are contradictory. Therefore, it is unclear how a secure alternate mode can include a non-secure alternate mode. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1-7, 9, 11-14 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over prior arts of record US 5784566 to Viavant et al (hereinafter Viavant), US 20040210766 to Kroselberg (hereinafter Kroselberg) and US 7813508 to Adachi et al (hereinafter Adachi).
As per claim 1, Viavant teaches:
A method, comprising: 
exposing to a device, during a first alternate mode negotiation session, an availability of a first secure alternate mode on a host (Viavant: column 6, lines 43-65: As shown in FIG. 5, at step 166 each process first composes a list of authentication service methods which it supports. This list may be ordered by preference, such that if a user prefers a particular method, it appears at the front of the list. The client then sends its list to the server. In step 168, the server compares the client's list with its own list to determine if the processes share an authentication method. The server then sends back one of the following responses: (3) authentication type--describes the authentication method to be used. The server ordinarily uses the first authentication method it supports in the client's list); 
authenticating the device to the host using the first secure alternate mode (Viavant: column 6, lines 43-65: If agreement has been reached on an authentication type, the server calls the initialization and function of the adapter corresponding to the agreed-upon authentication method. Column 7, lines 4-20: If the negotiation does not fail and authentication will be used, in step 170, the client: (1) calls the initialization function of the agreed-upon authentication method; (2) calls the connect function for the authentication method; (3) obtains an authentication credential using the retrieval function of the authentication adapter; and (4) sends the credential to the server. In step 172, upon response from the client, the server: (1) initializes its context using the agreed-upon authentication method; (2) stores the data about the client into its authentication context; and (3) calls the validation function of the authentication adapter. The next action taken by the server depends upon the status returned by the validation function of the authentication adapter. If the status returned is "successful," the server returns that status and other information to the client. After the connect protocol is complete, the "connection completion" routine is called);
Viavant does not teach:  in response to the device being authenticated, exposing to the device a second secure alternate mode, the second secure alternate mode including a non-secure alternate mode. However, Kroselberg teaches:
in response to the device being authenticated, exposing to the device a second secure alternate mode (Kroselberg: [0066]-[0068]. [0088] The authentication phase according to FIG. 2A is identical to the authentication of the mobile communication terminal 101 and of the mobile radio network computer 102 in the communication system 200 carried out according to the first exemplary embodiment. [0089] According to FIG. 2B, a negotiation of a security association is initiated in a registration message 201 by the mobile communication terminal 101, with a list 202 of possible security associations already being included in the registration message 201 according to this exemplary embodiment. [0090] According to this exemplary embodiment, two possible security associations are proposed in the list 202 with possible security associations: [0091] first possible security association: [0092] integrity algorithm SHA-1. [0095] second possible security association: [0096] integrity algorithm MD5. [0099] According to this exemplary embodiment, the security associations are coded according to the format as specified in IETF RFC 2409. The coded security associations are transmitted in the SIP messages, transparently in each case as their user data. [0100] This clearly means for the second exemplary embodiment that the possible security associations are now proposed by the mobile communication terminal 101. Also, [0101]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Kroselberg in the invention of Viavant to include the above limitations. The motivation to do so would be to provide negotiating a security association on the application layer between two computers which can be easily implemented and is of a more flexible form (Kroselberg: [0026]).
Viavant in view of Kroselberg teaches exposing a second secure alternate mode but does not teach: the second secure alternate mode including a non-secure alternate mode. However, Adachi teaches:
the second secure alternate mode including a non-secure alternate mode (Adachi: column 5, line 62-column 6, line 8: That is, the following assumptions are made: "enc.0" corresponds to (1) "no WEP" (non-secure alternate mode). "enc.1" corresponds to (2) "WEP present and 64-bit WEP used". "enc.2" corresponds to (3) "WEP present and 128-bit WEP used". Column 10, lines 26-41: The terminal WL13 receives a beacon frame specified in the IEEE802.11 and transmitted from the access point AP1. According to the specification of the IEEE802.11, the beacon frame is received and then an authentication and association procedures are followed. The security levels of the terminal WL13 are written in the authentication or association frame as information communicated to the access point AP1. FIG. 7 shows by way of example a procedure used if the access point AP1 is notified of the security level of the terminal WL13 using an authentication frame. It is assumed that, in this procedure, the security levels of the terminal WL13 are "enc.0" and "enc.1". Column 16, lines 1-15: The access point AP1 sets the selected one security level to be used for communication with the terminal WL13. If, for example, the terminal WL13 notifies the access point of the security levels "enc.0" and "enc.1", then it is permitted to be connected to the access point AP1).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Adachi in the invention of Viavant in view of Kroselberg to include the above limitations. The motivation to do so would be to enable wireless communication while ensuring a minimum security level for each basic group of a wireless LAN on the basis of encryption preset for the basic group (Adachi: column 2, lines 57-62).

As per claim 2, Viavant in view of Kroselberg and Adachi teaches:
The method of claim 1, further including exposing the second secure alternate mode to an authenticated device without exposing the second secure alternate mode to an unauthenticated device (Viavant: column 6, lines 62-67: If agreement has been reached on an authentication type, the server calls the initialization and function of the adapter corresponding to the agreed-upon authentication method. If the negotiation fails, the client aborts the connection as shown in step 168. Column 7, lines 16-35: If the status returned is "failure," the server simply returns the failure status to the client. If the server indicates "failure," the client aborts the connection. Kroselberg: [0066]-[0068]. [0088] The authentication phase according to FIG. 2A is identical to the authentication of the mobile communication terminal 101 and of the mobile radio network computer 102 in the communication system 200 carried out according to the first exemplary embodiment. [0089] According to FIG. 2B, a negotiation of a security association is initiated in a registration message 201 by the mobile communication terminal 101, with a list 202 of possible security associations already being included in the registration message 201 according to this exemplary embodiment. [0090] According to this exemplary embodiment, two possible security associations are proposed in the list 202 with possible security associations: [0091] first possible security association: [0092] integrity algorithm SHA-1. [0095] second possible security association: [0096] integrity algorithm MD5. [0099] According to this exemplary embodiment, the security associations are coded according to the format as specified in IETF RFC 2409. The coded security associations are transmitted in the SIP messages, transparently in each case as their user data, i.e., the list of security associations are exposed only after mobile communication terminal 101 is authenticated).
The examiner provides the same rationale to combine prior arts Viavant and Kroselberg as in claim 1 above.

As per claim 3, Viavant in view of Kroselberg and Adachi teaches: 
The method of claim 1, wherein exposing the second secure alternate mode to the device includes exposing the non-secure alternate mode to the device separately from the exposing of the device to the first secure alternate mode (Viavant: column 6, lines 43-65: As shown in FIG. 5, at step 166 each process first composes a list of authentication service methods which it supports. This list may be ordered by preference, such that if a user prefers a particular method, it appears at the front of the list. The client then sends its list to the server. In step 168, the server compares the client's list with its own list to determine if the processes share an authentication method. The server then sends back one of the following responses: (3) authentication type--describes the authentication method to be used. The server ordinarily uses the first authentication method it supports in the client's list. Kroselberg: [0088] The authentication phase according to FIG. 2A is identical to the authentication of the mobile communication terminal 101 and of the mobile radio network computer 102 in the communication system 200 carried out according to the first exemplary embodiment. [0089] According to FIG. 2B, a negotiation of a security association is initiated in a registration message 201 by the mobile communication terminal 101, with a list 202 of possible security associations already being included in the registration message 201 according to this exemplary embodiment. Adachi: FIG. 7 shows by way of example a procedure used if the access point AP1 is notified of the security level of the terminal WL13 using an authentication frame. It is assumed that, in this procedure, the security levels of the terminal WL13 are "enc.0" and "enc.1", i.e., the non-secure alternate mode is exposed separately from the first secure alternate mode).
The examiner provides the same rationale to combine prior arts Viavant, Kroselberg and Adachi as in claim 1 above.

As per claim 4, Viavant in view of Kroselberg and Adachi teaches:
The method of claim 1, further including exposing the second secure alternate mode in a second alternate mode negotiation session after the device is authenticated (Kroselberg: [0068] An authentication acknowledgement message 109 is transmitted at the end of the authentication phase by the mobile radio network computer 102 to the mobile communication terminal 101 to confirm successful authentication of the mobile communication terminal 101 by the mobile radio network. [0070]-[0071]: In response to the registration message 110, the mobile radio network computer 102 sends, inter alia, to the mobile communication terminal 101, in a first SIP response message 111 of the "unauthorized" type, in particular a further random number 112 and authentication data 113 and also a list 114 of security associations available for selection. Also, [0072]-[0081], i.e., the list of security associations are exposed only after mobile communication terminal 101 is authenticated).
The examiner provides the same rationale to combine prior arts Viavant and Kroselberg as in claim 1 above.

As per claim 5, Viavant in view of Kroselberg and Adachi teaches:
The method of claim 4, wherein at least one of the first alternate mode negotiation session includes the second alternate mode negotiation session, or the second alternate mode negotiation session is initiated after a restart of the first alternate mode negotiation session (Viavant: column 7, lines 27-35: Next, in step 174, the client performs one of the following actions depending on the server response in step 172. If the server indicates "success," the client stores any return data in the authentication structure. If the server indicates "more authentication", the client uses the returned data, if any, to repeat the connection process as illustrated by the loop arrow in FIG. 5. Kroselberg: [0068] An authentication acknowledgement message 109 is transmitted at the end of the authentication phase by the mobile radio network computer 102 to the mobile communication terminal 101 to confirm successful authentication of the mobile communication terminal 101 by the mobile radio network. [0070]-[0071]: In response to the registration message 110, the mobile radio network computer 102 sends, inter alia, to the mobile communication terminal 101, in a first SIP response message 111 of the "unauthorized" type, in particular a further random number 112 and authentication data 113 and also a list 114 of security associations available for selection. Also, [0072]-[0081], i.e., the negotiation for the security associations is initiated after restarting the authentication process)
The examiner provides the same rationale to combine prior arts Viavant and Kroselberg as in claim 1 above.

As per claim 6, Viavant in view of Kroselberg and Adachi teaches:
The method of claim 1, further including: exposing the first secure alternate mode in a first list of supported alternate modes (Viavant: column 6, lines 43-65: As shown in FIG. 5, at step 166 each process first composes a list of authentication service methods which it supports. This list may be ordered by preference, such that if a user prefers a particular method, it appears at the front of the list. The client then sends its list to the server. In step 168, the server compares the client's list with its own list to determine if the processes share an authentication method. The server then sends back one of the following responses: (3) authentication type--describes the authentication method to be used. The server ordinarily uses the first authentication method it supports in the client's list); and exposing the second secure alternate mode in a second list of supported alternate modes, wherein the second secure alternate mode is not included in the first list of supported alternate modes (Kroselberg: [0068] An authentication acknowledgement message 109 is transmitted at the end of the authentication phase by the mobile radio network computer 102 to the mobile communication terminal 101 to confirm successful authentication of the mobile communication terminal 101 by the mobile radio network. [0070]-[0071]: In response to the registration message 110, the mobile radio network computer 102 sends, inter alia, to the mobile communication terminal 101, in a first SIP response message 111 of the "unauthorized" type, in particular a further random number 112 and authentication data 113 and also a list 114 of security associations available for selection. Also, [0072]-[0081]).
The examiner provides the same rationale to combine prior arts Viavant and Kroselberg as in claim 1 above.

As per claim 7, Viavant in view of Kroselberg and Adachi teaches:
The method of claim 1, further including establishing the second secure alternate mode with the device (Kroselberg: [0082]: A desired security association, with the cryptographic parameters determined in it, is selected by the mobile communication terminal 101 and the mobile communication terminal 101 sends the selected security association 115 back to the mobile radio network computer 102 in a further SIP message 116 as security association user data. [0083]-[0084]. [0085] FIG. 1C shows a subsequently set up communication link for the transmission of user data between the mobile communication terminal 101 and the mobile radio network computer 102, the user data 119 being protected using the cryptographic security mechanisms as they are defined in the selected security association 118).
The examiner provides the same rationale to combine prior arts Viavant and Kroselberg as in claim 1 above.

As per claim 9, Viavant in view of Kroselberg and Adachi teaches:
The method of claim 1, further including: receiving a list of available secure alternate modes from a secure mode controller; selecting the first secure alternate mode from the list of available secure alternate modes; and authenticating the device using the secure mode controller (Viavant: column 6, lines 43-65: As shown in FIG. 5, at step 166 each process first composes a list of authentication service methods which it supports. This list may be ordered by preference, such that if a user prefers a particular method, it appears at the front of the list. The client then sends its list to the server. In step 168, the server compares the client's list with its own list to determine if the processes share an authentication method. The server then sends back one of the following responses: (3) authentication type--describes the authentication method to be used. The server ordinarily uses the first authentication method it supports in the client's list. If agreement has been reached on an authentication type, the server calls the initialization and function of the adapter corresponding to the agreed-upon authentication method. Column 7, lines 4-20: If the negotiation does not fail and authentication will be used, in step 170, the client: (1) calls the initialization function of the agreed-upon authentication method; (2) calls the connect function for the authentication method; (3) obtains an authentication credential using the retrieval function of the authentication adapter; and (4) sends the credential to the server. In step 172, upon response from the client, the server: (1) initializes its context using the agreed-upon authentication method; (2) stores the data about the client into its authentication context; and (3) calls the validation function of the authentication adapter. The next action taken by the server depends upon the status returned by the validation function of the authentication adapter. If the status returned is "successful," the server returns that status and other information to the client. After the connect protocol is complete, the "connection completion" routine is called).

As per claim 11, Viavant teaches:
A multi-mode interface apparatus, comprising: 
an alternate mode controller to receive, during a first alternate mode negotiation session, notice of availability of a first secure alternate mode (Viavant: column 6, lines 43-65: As shown in FIG. 5, at step 166 each process first composes a list of authentication service methods which it supports. This list may be ordered by preference, such that if a user prefers a particular method, it appears at the front of the list. The client then sends its list to the server. In step 168, the server compares the client's list with its own list to determine if the processes share an authentication method. The server then sends back one of the following responses: (3) authentication type--describes the authentication method to be used. The server ordinarily uses the first authentication method it supports in the client's list); and 
a secure mode controller to, in response to selection of the first secure alternate mode, authenticate to a device using the first secure alternate mode (Viavant: column 6, lines 43-65: If agreement has been reached on an authentication type, the server calls the initialization and function of the adapter corresponding to the agreed-upon authentication method. Column 7, lines 4-20: If the negotiation does not fail and authentication will be used, in step 170, the client: (1) calls the initialization function of the agreed-upon authentication method; (2) calls the connect function for the authentication method; (3) obtains an authentication credential using the retrieval function of the authentication adapter; and (4) sends the credential to the server. In step 172, upon response from the client, the server: (1) initializes its context using the agreed-upon authentication method; (2) stores the data about the client into its authentication context; and (3) calls the validation function of the authentication adapter. The next action taken by the server depends upon the status returned by the validation function of the authentication adapter. If the status returned is "successful," the server returns that status and other information to the client. After the connect protocol is complete, the "connection completion" routine is called), 
Viavant does not teach: the alternate mode controller to, in response to an authentication of the device, receive, during a second alternate mode negotiation session, notice of an availability of a second secure alternate mode from the device, the second secure alternate mode including a non-secure alternate mode. However, Kroselberg teaches:
the alternate mode controller to, in response to an authentication of the device, receive, during a second alternate mode negotiation session, notice of an availability of a second secure alternate mode from the device (Kroselberg: [0066]-[0068]. [0088] The authentication phase according to FIG. 2A is identical to the authentication of the mobile communication terminal 101 and of the mobile radio network computer 102 in the communication system 200 carried out according to the first exemplary embodiment. [0089] According to FIG. 2B, a negotiation of a security association is initiated in a registration message 201 by the mobile communication terminal 101, with a list 202 of possible security associations already being included in the registration message 201 according to this exemplary embodiment. [0090] According to this exemplary embodiment, two possible security associations are proposed in the list 202 with possible security associations: [0091] first possible security association: [0092] integrity algorithm SHA-1. [0095] second possible security association: [0096] integrity algorithm MD5. [0099] According to this exemplary embodiment, the security associations are coded according to the format as specified in IETF RFC 2409. The coded security associations are transmitted in the SIP messages, transparently in each case as their user data. [0100] This clearly means for the second exemplary embodiment that the possible security associations are now proposed by the mobile communication terminal 101. [0101] After reception of the registration message 201 with the list 202 of possible security associations, the mobile radio network computer 102 generates and transmits a response message 203, which contains a random number 204, an authentication indication 205 and also the security association 206 selected by the mobile radio network computer 102).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Kroselberg in the invention of Viavant to include the above limitations. The motivation to do so would be to provide negotiating a security association on the application layer between two computers which can be easily implemented and is of a more flexible form (Kroselberg: [0026]).
Viavant in view of Kroselberg teaches exposing a second secure alternate mode but does not teach: the second secure alternate mode including a non-secure alternate mode. However, Adachi teaches:
the second secure alternate mode including a non-secure alternate mode (Adachi: column 5, line 62-column 6, line 8: That is, the following assumptions are made: "enc.0" corresponds to (1) "no WEP" (non-secure alternate mode). "enc.1" corresponds to (2) "WEP present and 64-bit WEP used". "enc.2" corresponds to (3) "WEP present and 128-bit WEP used". Column 10, lines 26-41: The terminal WL13 receives a beacon frame specified in the IEEE802.11 and transmitted from the access point AP1. According to the specification of the IEEE802.11, the beacon frame is received and then an authentication and association procedures are followed. The security levels of the terminal WL13 are written in the authentication or association frame as information communicated to the access point AP1. FIG. 7 shows by way of example a procedure used if the access point AP1 is notified of the security level of the terminal WL13 using an authentication frame. It is assumed that, in this procedure, the security levels of the terminal WL13 are "enc.0" and "enc.1". Column 16, lines 1-15: The access point AP1 sets the selected one security level to be used for communication with the terminal WL13. If, for example, the terminal WL13 notifies the access point of the security levels "enc.0" and "enc.1", then it is permitted to be connected to the access point AP1).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Adachi in the invention of Viavant in view of Kroselberg to include the above limitations. The motivation to do so would be to enable wireless communication while ensuring a minimum security level for each basic group of a wireless LAN on the basis of encryption preset for the basic group (Adachi: column 2, lines 57-62).

As per claim 12, Viavant in view of Kroselberg and Adachi teaches:
The multi-mode interface apparatus of claim 11, wherein the notice of the availability of the first secure alternate mode includes receiving a list of available modes, and wherein the second secure alternate mode is not included in the list of available modes (Viavant: column 6, lines 43-65: As shown in FIG. 5, at step 166 each process first composes a list of authentication service methods which it supports. This list may be ordered by preference, such that if a user prefers a particular method, it appears at the front of the list. The client then sends its list to the server. In step 168, the server compares the client's list with its own list to determine if the processes share an authentication method. The server then sends back one of the following responses: (3) authentication type--describes the authentication method to be used. The server ordinarily uses the first authentication method it supports in the client's list. Kroselberg: [0068] An authentication acknowledgement message 109 is transmitted at the end of the authentication phase by the mobile radio network computer 102 to the mobile communication terminal 101 to confirm successful authentication of the mobile communication terminal 101 by the mobile radio network. [0070]-[0071]: In response to the registration message 110, the mobile radio network computer 102 sends, inter alia, to the mobile communication terminal 101, in a first SIP response message 111 of the "unauthorized" type, in particular a further random number 112 and authentication data 113 and also a list 114 of security associations (second secure alternate modes) available for selection. Also, [0072]-[0081], i.e., the second secure alternate mode is not included in the list of authentication service methods (list of available modes)).
The examiner provides the same rationale to combine prior arts Viavant and Kroselberg as in claim 11 above.

As per claim 13, Viavant in view of Kroselberg and Adachi teaches:
The multi-mode interface apparatus of claim 11, wherein at least one of (a) the first alternate mode negotiation session includes the second alternate negotiation session, or (b) the second alternate mode negotiation session is initiated after a restart of the first alternate mode negotiation session (Viavant: column 7, lines 27-35: Next, in step 174, the client performs one of the following actions depending on the server response in step 172. If the server indicates "success," the client stores any return data in the authentication structure. If the server indicates "more authentication", the client uses the returned data, if any, to repeat the connection process as illustrated by the loop arrow in FIG. 5. Kroselberg: [0068] An authentication acknowledgement message 109 is transmitted at the end of the authentication phase by the mobile radio network computer 102 to the mobile communication terminal 101 to confirm successful authentication of the mobile communication terminal 101 by the mobile radio network. [0070]-[0071]: In response to the registration message 110, the mobile radio network computer 102 sends, inter alia, to the mobile communication terminal 101, in a first SIP response message 111 of the "unauthorized" type, in particular a further random number 112 and authentication data 113 and also a list 114 of security associations available for selection. Also, [0072]-[0081], i.e., the negotiation for the security associations is initiated after restarting the authentication process).
The examiner provides the same rationale to combine prior arts Viavant and Kroselberg as in claim 11 above.

As per claim 14, Viavant teaches:
A non-transitory computer-readable storage medium comprising instructions that, when executed, cause a machine to perform at least the operations of: 
authenticating a first alternate mode device to a second alternate mode device using a first secure alternate mode published by the first alternate mode device (Viavant: column 6, lines 43-65: As shown in FIG. 5, at step 166 each process first composes a list of authentication service methods which it supports. This list may be ordered by preference, such that if a user prefers a particular method, it appears at the front of the list. The client then sends its list to the server. In step 168, the server compares the client's list with its own list to determine if the processes share an authentication method. The server then sends back one of the following responses: (3) authentication type--describes the authentication method to be used. The server ordinarily uses the first authentication method it supports in the client's list. If agreement has been reached on an authentication type, the server calls the initialization and function of the adapter corresponding to the agreed-upon authentication method. Column 7, lines 4-20: If the negotiation does not fail and authentication will be used, in step 170, the client: (1) calls the initialization function of the agreed-upon authentication method; (2) calls the connect function for the authentication method; (3) obtains an authentication credential using the retrieval function of the authentication adapter; and (4) sends the credential to the server. In step 172, upon response from the client, the server: (1) initializes its context using the agreed-upon authentication method; (2) stores the data about the client into its authentication context; and (3) calls the validation function of the authentication adapter. The next action taken by the server depends upon the status returned by the validation function of the authentication adapter. If the status returned is "successful," the server returns that status and other information to the client. After the connect protocol is complete, the "connection completion" routine is called);
Viavant does not explicitly teach: establishing, in response to successful authentication of the first alternate mode device to the second alternate mode device, a second secure alternate mode between the first alternate mode device and the second alternate mode device, the second secure alternate mode published by at least one of the first alternate mode device or the second alternate mode device in response to the successful authentication of the first alternate mode device to the second alternate mode device, the second secure alternate mode including a non-secure alternate mode. However, Kroselberg teaches:
establishing, in response to successful authentication of the first alternate mode device to the second alternate mode device, a second secure alternate mode between the first alternate mode device and the second alternate mode device, the second secure alternate mode published by at least one of the first alternate mode device or the second alternate mode device in response to the successful authentication of the first alternate mode device to the second alternate mode device (Kroselberg: [0066]-[0068]. [0088] The authentication phase according to FIG. 2A is identical to the authentication of the mobile communication terminal 101 and of the mobile radio network computer 102 in the communication system 200 carried out according to the first exemplary embodiment. [0089] According to FIG. 2B, a negotiation of a security association is initiated in a registration message 201 by the mobile communication terminal 101, with a list 202 of possible security associations already being included in the registration message 201 according to this exemplary embodiment. [0090] According to this exemplary embodiment, two possible security associations are proposed in the list 202 with possible security associations: [0091] first possible security association: [0092] integrity algorithm SHA-1. [0095] second possible security association: [0096] integrity algorithm MD5. [0099] According to this exemplary embodiment, the security associations are coded according to the format as specified in IETF RFC 2409. The coded security associations are transmitted in the SIP messages, transparently in each case as their user data. [0100] This clearly means for the second exemplary embodiment that the possible security associations are now proposed by the mobile communication terminal 101. Also, [0101]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Kroselberg in the invention of Viavant to include the above limitations. The motivation to do so would be to provide negotiating a security association on the application layer between two computers which can be easily implemented and is of a more flexible form (Kroselberg: [0026]).
Viavant in view of Kroselberg teaches exposing a second secure alternate mode but does not teach: the second secure alternate mode including a non-secure alternate mode. However, Adachi teaches:
the second secure alternate mode including a non-secure alternate mode (Adachi: column 5, line 62-column 6, line 8: That is, the following assumptions are made: "enc.0" corresponds to (1) "no WEP" (non-secure alternate mode). "enc.1" corresponds to (2) "WEP present and 64-bit WEP used". "enc.2" corresponds to (3) "WEP present and 128-bit WEP used". Column 10, lines 26-41: The terminal WL13 receives a beacon frame specified in the IEEE802.11 and transmitted from the access point AP1. According to the specification of the IEEE802.11, the beacon frame is received and then an authentication and association procedures are followed. The security levels of the terminal WL13 are written in the authentication or association frame as information communicated to the access point AP1. FIG. 7 shows by way of example a procedure used if the access point AP1 is notified of the security level of the terminal WL13 using an authentication frame. It is assumed that, in this procedure, the security levels of the terminal WL13 are "enc.0" and "enc.1". Column 16, lines 1-15: The access point AP1 sets the selected one security level to be used for communication with the terminal WL13. If, for example, the terminal WL13 notifies the access point of the security levels "enc.0" and "enc.1", then it is permitted to be connected to the access point AP1).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Adachi in the invention of Viavant in view of Kroselberg to include the above limitations. The motivation to do so would be to enable wireless communication while ensuring a minimum security level for each basic group of a wireless LAN on the basis of encryption preset for the basic group (Adachi: column 2, lines 57-62).

As per claim 17, Viavant in view of Kroselberg and Adachi teaches:
The non-transitory computer-readable storage medium of claim 14, wherein the instructions, when executed, cause the machine to perform the operations of: identifying the first secure alternate mode from a first published list of supported alternate modes (Viavant: column 6, lines 43-65: As shown in FIG. 5, at step 166 each process first composes a list of authentication service methods which it supports. This list may be ordered by preference, such that if a user prefers a particular method, it appears at the front of the list. The client then sends its list to the server. In step 168, the server compares the client's list with its own list to determine if the processes share an authentication method. The server then sends back one of the following responses: (3) authentication type--describes the authentication method to be used. The server ordinarily uses the first authentication method it supports in the client's list. Column 5, lines 42-45: Authorization security service 126 comprises Kerberos adapter 146, and Biometric adapter 150, which use the Kerberos and Biometric methods respectively); and 
identifying the second secure alternate mode from a second published list of supported alternate modes, wherein the second secure alternate mode is not included in the first list of supported alternate modes (Kroselberg: [0066]-[0068]. [0088] The authentication phase according to FIG. 2A is identical to the authentication of the mobile communication terminal 101 and of the mobile radio network computer 102 in the communication system 200 carried out according to the first exemplary embodiment. [0089] According to FIG. 2B, a negotiation of a security association is initiated in a registration message 201 by the mobile communication terminal 101, with a list 202 of possible security associations already being included in the registration message 201 according to this exemplary embodiment. [0090] According to this exemplary embodiment, two possible security associations are proposed in the list 202 with possible security associations: [0091] first possible security association: [0092] integrity algorithm SHA-1. [0095] second possible security association: [0096] integrity algorithm MD5).
The examiner provides the same rationale to combine prior arts Viavant and Kroselberg as in claim 14 above.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Viavant in view of Kroselberg as applied to claim 7 above, and further in view of prior art of record US 20060269053 to Miyazawa (hereinafter Miyazawa).
As per claim 8, Viavant in view of Kroselberg does not teach: wherein the second secure alternate mode includes an encrypted storage access. However, Miyazawa teaches:
wherein the second secure alternate mode includes an encrypted storage access (Miyazawa: [0077]: Next, the client PC notifies the print server 20 of a list of common key methods made by the client PC 10. The print server 20 selects a common key method to be used in encryption processing of print data from common key encryption method candidates in the notified list based on a communication speed between the client PC 10 and the print server 20 and encryption strength, etc. Then, the print server 20 notifies the client PC 10 of the selected common key method. [0080]: [0080] Next, the client PC 10 encrypts the print data using the common key which is of the agreed common key method, and sends the encrypted print data to the print server 20. Then, the print server 20 decrypts the received encrypted print data using the common key of the relevant common key method. It was well known to one of ordinary skill in the art before the effective filing date of the claimed invention that encrypted data received from the client PC will have to be at least temporarily stored in storage prior to being decrypted by the print server using the common key).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Miyazawa in the invention of Viavant in view of Kroselberg and Adachi to include the above limitations. The motivation to do so would be to shorten processing time by selecting an adequate encryption method taking an encryption processing speed into account (Miyazawa: [0012]).

Claims 16 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Viavant in view of Kroselberg and Adachi as applied to claims 11 and 14 above, and further in view of US 20140240776 to Suzuki et al (hereinafter Suzuki).
As per claims 16 and 18, Viavant in view of Kroselberg and Adachi does not teach the limitations of the claims. However, Suzuki teaches: 
wherein the non-secure alternate mode includes one or more of keyboard access, mouse access, a video interface, or a printer interface (Suzuki: [0089] The details of the processing performed by the CPU 32 of the printer 10 of this embodiment will now be explained with reference to FIGS. 7 and 8. [0090] In the G/O negotiation, the CPU 32 sends information specifying a G/O priority level of the printer 10 (that is, Intent value) to the PC 110, and receives information specifying a G/O priority level of the PC 110 from the PC 110. [0091] The CPU 32 compares the G/O priority level of the printer 10 and the G/O priority level of the PC 110, and determines that the apparatus whose priority level is the higher should operate in the G/O state, while determining that the apparatus whose priority level is the lower should operate in the CL state. [0092]-[0094]: When the WFD network has been formed to which both the printer 10 and the PC 110 belong, as in the case C or D described above, then the printer 10 is able to receive print data from the PC 110 by using the WFD network, and is enabled to perform print processing).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Suzuki in the invention of Viavant in view of Kroselberg and Adachi to include the above limitations. The claim would have been obvious because a particular known technique was recognized as part of the ordinary capabilities of one skilled in the art (see KSR Int’l Co. v. Teleflex Inc. 550 U.S. ___, 82 USPQ2d 1385 (Supreme Court 2007) (KSR)).
	
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
US 9307058 to Xiong et al: A negotiation method used in a high definition multimedia interface (HDMI) is provided. The negotiation method includes: transmitting a first negotiation signal from a first side to a second side during a first specific time period for enabling negotiation of an HDMI Ethernet Channel (HEC); and checking whether any negotiation signal sent from the second side is received by the first side for determining a result of the negotiation. The first negotiation signal includes parameters of Energy Efficient Ethernet (EEE) or parameters of flow control at least. Any packet of the negotiation signal excludes a data field of Start Frame Delimiter (SFD), and therefore the packet can be applied for point-to-point transmission and compatible with the Physical layer.
US 8589683 to Berrange: A secure Virtual Network Computing (VNC) connection between a server and a client is authenticated using a series of message exchanges. A server receives a request from a client to establish a VNC connection. If the request indicates that the client supports an encryption scheme, the server provides a first set of mechanisms for a subsequent authentication process. If the request indicates that the client does not support the encryption scheme, the server provides the client a second set of mechanisms for the subsequent authentication process. The second set contains fewer mechanisms than the first set. The client chooses an authentication mechanism from the first set or the second set provided by the server. The server and the client then perform the subsequent authentication process, using the authentication mechanism chosen by the client, with a series of message exchanges.
	
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438



/MADHURI R HERZOG/Primary Examiner, Art Unit 2438