DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1, 3, 9, 12, 16 and 20 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1, 7 and 13 of U.S. Patent No. 9,998,287 (hereinafter “PAT287”). Although the conflicting claims are not identical, they are not patentably distinct from each other because of the following reasons:
Claims 1, 7 and 13 of U.S. Patent No. US 9,998,287 contain(s) every element of claims 1, 3, 9, 12, 16 and 20 of the instant application and the instant claims are a broader version of the Patent No. US 9,218,476 (see table below) and as such anticipate(s) claims 1, 3, 9, 12, 16 and 20 of the instant application. “A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 

Claims 1, 3, 6, 9, 12, 14, 16 and 19-20 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1, 7-8 and 14-15 of U.S. Patent No. 10,680,835 (hereinafter “PAT835”).  Although the conflicting claims are not identical, they are not patentably distinct from each other because of the following reasons:
Claims 1-2, 7-9 and 14-16 of U.S. Patent No. US 10,680,835 contain(s) every element of claims 1, 3, 6, 9, 12, 14, 16 and 19-20 of the instant application and the instant claims are a broader version of the Patent No. US 10,680,835 (see table below) and as such anticipate(s) claims 1, 3, 6, 9, 12, 14, 16 and 19-20 of the instant application. “A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus).” ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
16877726 | 9,998,287

1. A method comprising:
receiving, by a network device and from a first computing system, a challenge message;
receiving, by the network device from the first computing system and based on the response, an indication of permission to transmit non-secure data between a user device and a second computing system.

receiving, by an authentication system, from a content server, a request to authenticate a network device;
sending, by the authentication system and to the network device, an encrypted challenge message;
verifying, by the authentication system based on the encrypted response, an authenticity of the network device; and
authorizing, by the authentication system and based on successful verification of the authenticity of the network device, the content server to exchange unencrypted data with the unauthorized user device via the network device.
sending, to the network device and based on the determining, information indicating the permission.

1. …
receiving, by an authentication system, from a content server, a request to authenticate a network device;

9 | 7
12 | 7
16 | 13
20 | 13



16877726 | 10,680,835

1. A method comprising:
receiving, by a network device and from a first computing system, a challenge message;
sending, by the network device and to the first computing system, a response to the challenge message; and
receiving, by the network device from the first computing system and based on the response, an

receiving, by a first computing system, a request to authenticate a network device;
sending, by the first computing system and to the network device, a challenge message;
receiving, by the first computing system and from the network device, a response to the challenge message, wherein the response comprises a digital signature of the network device;
determining, by the first computing system and based on the response, that the network device is
sending, to the network device and based on the determining, information indicating the permission.

7. The method of claim 1, wherein the first computing system comprises at least one of a content server or an authentication server.

6. The method recited in claim 1, further comprising:
receiving, by the network device and from the first computing system, a timeout notice that comprises an indication of a time interval;
sending, by the network device and prior to the expiration of the indicated time interval, a keep-alive message; and
receiving, by the network device and from the first computing system, information indicating the permission is continued.

2. The method of claim 1, further comprising:
sending, by the first computing system and to the network device, a timeout notice that comprises an indication of a time interval;
receiving, prior to the expiration of the indicated time interval and from the network device, a keep-alive message; and
sending, by the first computing system and to the network device, information indicating the permission is continued.

9 | 8
12 | 14
14 | 9
16 | 15
19 | 16
20 | 7


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (an abstract idea) without significantly more.  
Regarding independent claim 1:
First, Claim 1 is directed to a method.  Therefore, the claimed invention falls into one of the four statutory categories.
Second, claim 1 is analyzed for its underlying inventive concept. 

Claim 1 is directed to steps of “receiving, by a network device and from a first computing system, a challenge message;
sending, by the network device and to the first computing system, a response to the challenge message; and
receiving, by the network device from the first computing system and based on the response, an indication of permission to transmit non-secure data between a user device and a second computing system”, which, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation by the human mind but for the recitation of generic computer components. That is, other than reciting “the network device and the first computing system” and “a user device and second computing device”, nothing in the claim element precludes the step from practically being performed in the human mind. For example, but for “receiving …” language, “sending …” in the context of this claim encompasses the user manually exchanging the information. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas.
Step 2A Prong Two:
This judicial exception is not integrated into a practical application. In particular, the claim only recites additional elements “the network device and the first computing system” and “a user device and second computing device”. The additional steps are recited at a high level of generality (i.e., as a generic processor performing a generic computer function of receiving and sending) such that they amount to no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
Third, Step 2B: claim 1 does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of “the network device and the first computing system” and “a user device and second computing device” amounts to no more than mere 
Claim 1 is not patent eligible.
Dependent claims 1-6 and 8, when analyzed individually or as a whole, are held to be patent ineligible under 35 U.S.C. 101 because the additional recited limitation(s) fail(s) to amount to “significantly more” than the judicial exception, and are thereby non-statutory.

Claims 9-14 are the network device claims of method claims 1-6 with no additional steps besides processors and memory. Therefore, they are also rejected under 35 U.S.C. 101 for similar reasons recited in claims 1-6.

Claims 16-20 are the non-transitory computer-readable storage medium claims with no additional steps compared to method claims 1-6. Therefore, they are also rejected under 35 U.S.C. 101 for similar reasons recited in claims 1-6.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-5, 7-13, 15-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Rosati et al. (US 2013/0046976, hereinafter Rosati) in view of Scherer (Pub. No.: US 2013/0073847).
Regarding claim 1: Rosati discloses a method comprising: 
receiving, by a network device and from a first computing system, a challenge message (Rosati -[0027]: The authentication server 12 initiates a challenge/response protocol and sends a cryptographic challenge at stage 5 to the mobile device 10 associated with the user making the request in stage 3); 
sending, by the network device and to the first computing system, a response to the challenge message (Rosati - [0028]: The authentication server 12 receives the response); and 
([0182]: the DS managing unit 18 sends a challenge message 374 to the node 350 and receives a challenge response 376 from the node 350); and
receiving, by the network device from the first computing system and based on the response, an indication of permission (Rosati - [0028]: If the signature can be verified, the authentication server 12 confirms verification with the VPN gateway 6 at stage 7. The VPN gateway 6 then allows access to the private network 2 at stage 8).
Although Rosati discloses transmitting permission to access a private network, it doesn’t explicitly teach, but Scherer discloses: permission to transmit non-secure data between a user device and a second computing system (Scherer - [0058]: if there is no such rule, or there is a rule specifically permitting unsecured outgoing traffic, then the VP 110 sends the data 101, via I/O 112, to the server 120 in an unsecured form over network 140).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Rosati with Scherer so that permission to transmit non-secure data is determined. The modification would have allowed the system to transmit permission for non-secure data.
Regarding claim 2: Rosati as modified discloses wherein the receiving, from the first computing system, a challenge message comprises receiving the challenge message via the second computing system (Rosati - [0030]: the challenge is sent at stage 5 to the VPN gateway 6 to be routed through the VPN client 20 to the cryptographic module 18 on the mobile device).
Regarding claim 3: Rosati as modified discloses wherein the first computing system comprises an authentication server (Rosati - [0028]: The authentication server 12, Fig. 1), and wherein the second computing system comprises a content server (Scherer - [0038]: remote devices 120, 130 comprise a database server 120).
The reason to combine is similar to that of claim 1.
Regarding claim 4: Rosati as modified discloses wherein the first computing system is associated with the second computing system (Scherer - [0037]: security module 117 executes a set of security and configuration rules 118 (collectively, “security rules 118”) used to encrypt, decrypt, authenticate, and/or otherwise secure communications between the VP 110 and one or more remote devices (e.g., server 110, personal computer 120), vision processors, and/or other networked devices).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Rosati with Scherer so that the authentication server is associated with the content server. The modification would have allowed the system to communicate non-secure data after authentication to protect unencrypted data.
Regarding claim 5: Rosati as modified discloses further comprising:
receiving, by the network device and from the user device, a message indicative of a request to access data associated with the second computing system (Rosati - [0027]: the computing device 4 utilizes the VPN client 20 to request access to the private network 2 by communicating with the VPN gateway 6 over a public network 8); and
sending, by the network device and to the second computing system, a message indicative of a request for service from the second computing system (Rosati - [0027]: The VPN gateway 6 after receiving such a request initiates an authentication of the associated user at stage 4 by communicating with the authentication server 12),
wherein the receiving the challenge message is based on the sending the message indicative of the request for service from the second computing system (Rosati - [0027]: The authentication server 12 initiates a challenge/response protocol and sends a cryptographic challenge at stage 5 to the mobile device 10 associated with the user making the request in stage 3).
Regarding claim 7: Rosati as modified discloses wherein the network device comprises at least one of a gateway, a DOCSIS device, or a remote customer premises equipment (rCPE) (Rosati - [0024]: Fig. 1, a VPN gateway 6).
Regarding claim 8: Rosati as modified discloses wherein the user device comprises at least one of a wireless consumer device, a computer, a sensor, an effector, a control, an industrial device, or retail (Rosati - [0023]: mobile devices may include, without limitation, cellular phones, smart-phones, wireless organizers, pagers, personal digital assistants, computers, laptops, handheld or other wireless communication devices).
Regarding claims 9-13 and 15: Claims are directed to apparatus/device claims and do not teach or further define over the limitations recited in claims 1-5 and 7. Therefore, claims 9-13 and 15 are also rejected for similar reasons set forth in claims 1-5 and 7. 
Regarding claims 16-18 and 20: Claims are directed to method/computer readable medium claims and do not teach or further define over the limitations recited in claims 1-3 and 5. Therefore, claims 16-18 and 20 are also rejected for similar reasons set forth in claims 1-3 and 5. 

Claims 6, 14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Rosati et al. (US 2013/0046976, hereinafter Rosati) in view of Scherer (Pub. No.: US 2013/0073847) and Townsley et al. (Pub. No.: US 2007/0203990, hereinafter Townsley).
Regarding claims 6, 14 and 19: Rosati as modified doesn’t explicitly teach but Townsley990 discloses:
further comprising: 
receiving, by the network device and from the first computing system, a timeout notice that comprises an indication of a time interval (Townsley - [0032]: a DHCP client operating on a device communicates with one or more DHCP servers to obtain configuration information, including an IP address for the client's host device. The configuration data is valid for a limited time interval, called a lease time);
sending, by the network device and prior to the expiration of the indicated time interval, a keep-alive message (Townsley - [0032]: Before the lease expires at the end of the lease time interval, the DHCP client may send a renew request message to extend the lease for some period of time); and
receiving, by the network device and from the first computing system, information indicating the permission is continued (Townsley - [0068-0070]: If in step 640 it is determined that a DHCP lease for communications between the customer node and nodes on the IP network does not expire, … determined whether a DHCP echo request is received among the unicast IP data packets … determined whether the echo request is valid). 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Rosati and Scherer with Townsley so that a time interval configuration is received from the server and a renew message is sent before time out for continuing the service. The modification would have allowed the system to extend service.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
VAS et al. (Pub. No.: US 2011/0314346) - Identifying a slice name information error in a dispersed storage network
Uefuji et al. (Pub. No.: US 2015/0156058) - Management server
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/