Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-13 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.

2. Claim 1 does not recite hardware being executed in the claim limitations ("receiving, by a satellite component of an access control system, a request… etc…"), without any link in the body of the claims to a hardware component that is directed to non-statutory subject matter. Therefore, it is software per se, and the claims fail to comprise any hardware to construct a system that can squarely fit within any statutory categories as shown above. Applicant's specification fails to indicate any hardware tied to this data structure, and if this data structure is tied to hardware, then the hardware should be mentioned in the body of the claims. It is not patent eligible subject matter in accordance with In re Warmerdam, 31 USPQ 2d, 1354. The examiner suggests implementing hardware (i.e. processor or memory) into the body of the claims. Independent Claim 8 is rejected on the same rationale of Independent Claim 1.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Khosravi (US Patent Pub. 2008/0005359).

As per claims 1, 8 and 14: Khosravi discloses a method for distributed access control, comprising (See Abstract): 
receiving, by a satellite component of an access control system, a request from a computing device to verify an identity of the computing device, wherein the request comprises one or more characteristics of the computing device (Paragraph 54; The access request 650 may include signed information 660b associated with the requested access grant of the requesting host device 610); 
verifying, by the satellite component, that the one or more characteristics of the computing device are valid, the verifying comprising one or more interactions with a Paragraph 54; The at least one access control server 620 determines whether to grant the requested network access based at least in part on the received signed information 660b associated with the access request 650); 
generating, by the satellite component, a signed document that is trusted by a control component of the access control system (Paragraph 54; In one embodiment, the signed information 660b may be collected by one or more platform management components executing independent of an operating system on the requesting host device 610); and 
providing, by the satellite component, the signed document to the computing device for use in requesting credentials from the control component to access a secure resource (Paragraph 54; If network access is to be granted, the at least one access control server 620 retrieves what policy information 680, if any, is to govern the network access of the requesting host device 610 based at least in part on the received signed information 660b associated with the access request 650).
As per claims 2 and 15: The method of Claim 1, wherein verifying, by the satellite component, that the one or more characteristics of the computing device are valid comprises:
providing a secure token to the computing device; and receiving a confirmation from the management entity that the computing device stored the secure token in a data store accessible by the computing device and the management entity (Paragraph 54; create a secure exchange and convey an application policy token to the access control server 620. In response, the access control server 620 may transmit a system policy token to each of the posture validation servers 630. The system policy token and the application policy token may then be used by the posture validation servers 630 to sign and return policy information to the at least one access control server 620).
As per claims 3 and 16: The method of Claim 2, wherein verifying, by the satellite component, that the one or more characteristics of the computing device are valid further comprises receiving an indication of the one or more characteristics from the management entity (Paragraph 54; The at least one access control server 620 determines whether to grant the requested network access based at least in part on the received signed information 660b associated with the access request 650).
As per claims 4, 12 and 17: The method of Claim 1, wherein the one or more characteristics of the computing device comprise one or more of:
an internet protocol (IP) address; a network identifier; a group identifier; or a role (Paragraph 54; each posture validation server 630 is dedicated to authenticating and verifying received posture information from the various host devices).
As per claims 5, 11 and 18: The method of Claim 1, wherein the management entity corresponds to a platform service provider of the computing device, and wherein the satellite component interacts with the management entity via an application programming interface (API) provided by the platform service provider (Paragraph 18; The platform management components 170 are adapted to be executed by the second processor 150, independent of the operating system 145. The platform management components 170 are also configured to determine platform posture information independent of the operating system 145 and to generate signed platform posture information 180 based on a posture signature key 177 to obtain network access control policy information for the host platform device 110).
As per claims 6, 9 and 19: The method of Claim 1, wherein the satellite component, the computing device, and the management entity are located in a first networking environment, and wherein the control component is located in a second networking environment that is separate from the first networking environment (Paragraph 54; one embodiment uses a two phase commit mechanism to create a secure exchange and convey an application policy token to the access control server 620. In response, the access control server 620 may transmit a system policy token to each of the posture validation servers 630).
As per claims 7 and 20: The method of Claim 1, wherein the signed document comprises a list of the one or more characteristics and a signature that is shared between the satellite component and the control component (Paragraph 54; In one embodiment, the signed information 660b may be collected by one or more platform management components executing independent of an operating system on the requesting host device 610).
As per claim 10: The method of Claim 8, wherein the satellite component has verified that the one or more characteristics of the computing device are valid through interaction with a management entity related to the computing device (Paragraph 54; The at least one access control server 620 determines whether to grant the requested network access based at least in part on the received signed information 660b associated with the access request 650).
As per claim 13: The method of Claim 8, wherein the signed document comprises a list of the one or more characteristics (Paragraph 25; authenticate the host platform based on previously received policy information including verified keys and/or access control lists (ACL)).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472. The examiner can normally be reached 730-330pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For 





/ANTHONY D BROWN/Primary Examiner, Art Unit 2433