DETAILED ACTION
	Claims 26-45 are presented on 06/23/2020 for examination on merits.  Claims 26, 33, and 40 are independent base claims.  Claims 1-25 are cancelled by preliminary amendment.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Examiner's Instructions for filing Response to this Office Action
When the Applicant submits amendments regarding the claims in response to the Office Action, the Examiner would prefer that Applicant submit two sets of claims:
Set #1 that includes indicators for the status of claim and all marked amendments to the claims; and 
Set #2 comprising a clean version of the claims with all the markups removed for entry, as an appendix to the Applicant Arguments/Remarks or a section following the Remarks.

Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted for examination on the merits are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) is/are being considered by the examiner. See the annotated 1449 documents.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 26-45 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-25 of U.S. Patent No. 10,728,218 B2 (hereinafter “USPAT 218”). 
Although the claims at issue are not identical, they are not patentably distinct from each other because they claim the same subject matter of using a gateway apparatus for authenticating and redirecting a request to access a network resource.


	Regarding claim 26, USPAT anticipates:
A gateway apparatus (USPAT 218, CLM. 1: A gateway apparatus), comprising: 
a network interface that receives an access request for a network resource (USPAT 218, CLM. 1: intercept an access request; an access interface of a resource of the intranet), presents an access checkpoint interface that requests an authentication input (USPAT 218, CLM. 1: present an access checkpoint interface that requests an authentication input to the gateway apparatus), and receives the authentication input (USPAT 218, CLM. 1: ); and 
a processor configured to perform an authentication of the authentication input (USPAT 218, CLM. 1: perform an authentication to the resource, based on a validation of the authentication input), wherein the gateway apparatus provides a redirection to the network resource (USPAT 218, CLM. 1: provide a redirection to the access interface of the resource).
Independent claims 33 and 40 are rejected for the same reason as claim 26, because they each recite the same limitations as those in claim 26.
Regarding dependent claims 27-32, 34-39, and 41-45 of the present application, they are obvious variants of the same subject matter as found in the reference application, and thereby rejected under the judicially created doctrine of obviousness-type double patenting.

Claim Objections
Claims 27, 34, and 41 are objected to because of the following informalities:
Claim 27 appears to have a colon marking the beginning of a clause after “comprising.”  However, the “colon” is struck out unclearly, because the clause after “comprising” is on a new line. It is noted that the Applicant should maintain a consistent style of writing, when claim 27 is compared to claim 28.
Claims 34 and 41 each have a colon marking the beginning of a clause after “comprising.” However, the “colon” is struck out unclearly for the same reason as discussed in claim 27.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claims 26, 32-33, 39-40, and 45 are rejected under 35 U.S.C. 103 as being unpatentable over Kuperman (US 20170222979 A1; hereinafter Kuper) in view of Irwan (US 10,104,077 B1).

As per claim 26, Kuper teaches a gateway apparatus (Kuper, par. 0034: proxy 205), comprising: 
a network interface that receives an access request for a network resource (Kuper, par. 0034: the proxy 205 may be a server, load balancer, or router located logically and/or physically between the clients 105, 225, the network 120, and/or host 145 to monitor and manage the request/response path between the clients and the host; par. 0024-0050: application programming interface 221A), 
presents an access checkpoint interface that requests an authentication input (Kuper, par. 0037: the proxy 205 may employ mitigation techniques such as issue HTTP authentication challenges, which is presenting an access checkpoint interface), and 
a processor configured to perform an authentication of the authentication input (par. 0036-0038 and 0081: qualifying the client as a non-malicious 225 client based on exhibited/qualified behavior 215.  Here the Examiner broadly interprets the authentication input as any information received by the proxy, such as an identity, or fingerprint 330, of each client engaging the host as well as the period of time of client engagement, e.g., 5 minutes, an hour, a day, a week, etc.; par. 0046-0047), 
wherein the gateway apparatus provides a redirection to the network resource (Kuper, par. 0037-0038: client browser redirection… based on client response, lack thereof, or the information therein which the behavior analysis 210 examines in an attempt to identify the malicious clients and subsequently deny their access to the host; In other words, the proxy 205 incorrectly classifies the behavior of a non-malicious client 225 as an attack on the host 140 rather than qualified behavior 215, and denies the client 225 access to the functionality 220 of the host 145).
While Kuper discloses proxy 205 may monitor and manage the request/response path between the clients and the host (par. 0034-0035), and send HTTP authentication challenges 
In a related art, Irwan teaches,
receives the authentication input (Irwan, col. 13, lines 5-25: the security gateway 170 [receives] … application-based identity information for authentication, and authenticate the application 310 using information received through the edge application 410).
Kuper and Irwan are analogous art, because they are in a similar field of endeavor in improving device authentication.  Thus, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine them and to use Irwan to modify Kuper to include authentication in the input. For this combination, the motivation would have been to improve the level of security by using application-based identity information for authentication.

Regarding claims 33 and 40, they each recite similar limitations to those found in claim 26. Therefore, claims 33 and 40 are rejected for the same reasons as set forth in the rejection of claim 26 above.

As per claim 32, the references of Kuper and Irwan as combined above teach the gateway apparatus of claim 26, Kuper also teaches: 
wherein the network resource is an Internet of things (IoT) device (Kuper, par. 0052-0053: a server machine, which is the network resource…includes an internet of things (IoT) device).

Regarding claims 39 and 45, they each recite a limitation “wherein the network resource is an Internet of things (IoT) device,” which is the same as that of claim 32.  Therefore, claims 39 and 45 are rejected for the same reason as set forth in claim 32.

Claims 27-28, 34-35, and 41-42 are rejected under 35 U.S.C. 103 as being unpatentable over Kuper and Irwan, as applied to claim 26, and further in view of Chen (US 20180212970 A1).

As per claim 27, the references of Kuper and Irwan as combined above teach the gateway apparatus of claim 26, but do not explicitly disclose storing login credentials for an authentication to the network resource. This aspect of the claim is identified as a further difference.
In a related art, Chen teaches:
further comprising[:] 
a memory that stores login credentials for an authentication to the network resource (Chen, par. 0039-0040 and 0043: Memory 530 may include any type of dynamic storage device; pre-provisioned authentication token).
Chen is analogous art to the claimed invention in a similar field of endeavor in improving the authentication process.  Thus, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine Chen with the Kuper-Irwan system to include a storage for login credentials.  For this combination, the motivation would have been to improve the level of security with accessible login credentials.

As per claim 28, the references of Kuper and Irwan as combined above teach the gateway apparatus of claim 26, but do not explicitly disclose storing a session token for determining that a session exists. This aspect of the claim is identified as a further difference.
In a related art, Chen teaches:
further comprising: 
Chen, par. 0060-0064: authentication control point 210 may issue to IoT portal an access token 925 for portal API server 212).
Chen is analogous art in a similar field of endeavor in improving the authentication process.  Thus, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine Chen with the Kuper-Irwan system to include a storage for login credentials.  For this combination, the motivation would have been to improve the level of security with accessible reliable access to session tokens.

Regarding claims 34 and 41, they each recite similar limitations to those in claim 27. Therefore, claims 34 and 41 are rejected for the same reason as set forth in the rejection of claim 27 above.

Regarding claims 35 and 42, they each recite similar limitations to those in claim 29. Therefore, claims 35 and 42 are rejected for the same reason as set forth in the rejection of claim 28 above.

Claims 29-30, 36-37, and 43-44 are rejected under 35 U.S.C. 103 as being unpatentable over Kuper and Irwan and Chen, as applied to claim 28, and further in view of Choti (US 20060098795 A1).

As per claim 29, the references of Kuper and Irwan and Chen as combined above teach the gateway apparatus of claim 28, but do not explicitly disclose a redirection based on a determination that the access request is within a scope of the session. This aspect of the claim is identified as a further difference.
Choti teaches:
wherein the processor further is configured to provide the redirection based on a determination that the access request is within a scope of the session (Choti, par. 0027-0028: If not [authenticated], the user is redirected back to the login web page 10 or to an error page… If the user is successfully authenticated, the user is provided access to the service provided at the second device 270… access… within a predetermined access time period after the identification cookie is placed on the first device 280. When the predetermined access time period expires, the cookie deletes itself from the first device 280. Note here the predetermined access time period is mapped to a scope of the session in the claim).
Choti is analogous art to the claimed invention in a similar field of endeavor in improving the authentication process.  Thus, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine Choti with the Kuper-Irwan-Chen system to enable an expired session to be redirected back to the login web page or to an error page.  For this combination, the motivation would have been to improve the user experience with accessible reliable access to session tokens.

As per claim 30, the references as combined above teach the gateway apparatus of claim 28, but do not explicitly disclose a security policy defining a maximum session time length or a maximum number of unsuccessful login attempts before access to the network resource is locked out. This aspect of the claim is identified as a further difference.
In a related art, Choti teaches:
wherein the processor further is configured to craft a security policy defining a maximum session time length or a maximum number of unsuccessful login attempts before access to the network resource is locked out (Choti, par. 0027 and 0037: An active session is a session that is still valid based on the rules defined in the configuration table (i.e. a two hour timeout value means that a user accessing the service again after one hour has an active session)).
Choti is analogous art to the claimed invention in a similar field of endeavor in improving the authentication process.  Thus, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine Choti with the Kuper-Irwan-Chen system to enable an expired session to be redirected back to the login web page or to an error page.  For this combination, the motivation would have been to improve the level of security by limiting idle time a user can have for a live session.

Regarding claims 36 and 43, they each recite similar limitations to those in claim 29. Therefore, claims 36 and 43 are rejected for the same reason as set forth in the rejection of claim 29 above.

Regarding claims 37 and 44, they recite similar limitations to those in claim 30. Therefore, claims 37 and 44 are rejected for the same reasons as set forth in the rejection of claim 30 above.

Claims 31 and 38 are rejected under 35 U.S.C. 103 as being unpatentable over Kuper and Irwan, as applied to claim 26, and further in view of Shaw (US 20180041607 A1).

As per claim 31, the references of Kuper and Irwan as combined above teach the gateway apparatus of claim 26, but do not explicitly disclose generating a security policy defining whether the network resource can be accessed only via a local network. This aspect of the claim is identified as a further difference.
In a related art, Shaw teaches:
wherein the processor further is configured to craft a security policy defining whether the network resource can be accessed only via a local network (Shaw, par. 0053: Policy device 120 
Shaw is analogous art to the claimed invention in a similar field of endeavor in improving the authentication process.  Thus, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine Shaw with the Kuper-Irwan system to have a security policy defining whether the network resource can be accessed only via a local network.  For this combination, the motivation would have been to improve the level of security by limiting network accessibility.

Regarding claim 38, it recites a limitation “crafting a security policy defining whether the network resource can be accessed only via a local network,” which is the same as that of claim 31.  Therefore, claim 38 is rejected for the same reason as set forth in claim 31.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DON ZHAO whose telephone number is (571)272.9953.  The examiner can normally be reached on Monday to Friday, 7:30 A.M to 5:00 P.M EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571.272.3862.  The fax phone number for the organization where this application or proceeding is assigned is 571.273.8300.



/Don G Zhao/
Primary Examiner, Art Unit 2493
02/10/2022