DETAILED ACTION

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 28 January 2022 has been entered.
By the above submission, Claims 1, 2, 5-8, 11, 12, 15-18, and 22 have been amended.  Claims 4, 14, and 22 have been canceled.  No new claims have been added.  Claims 1, 2, 5-12, and 15-21 are currently pending in the present application.

Response to Arguments

Applicant’s arguments with respect to the rejection of Claims 1, 2, 4-12, and 14-22 under 35 U.S.C. 102(a)(1) have been considered but are moot in view of the new grounds of rejection set forth below.



Information Disclosure Statement

The information disclosure statement (IDS) submitted on 27 December 2021 was filed after the mailing date of the final rejection on 28 October 2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Drawings

The objections to the drawings for informalities are withdrawn in light of the amended drawings filed.

Specification

The objection to the disclosure for informalities is NOT withdrawn because not all issues have been addressed.  Although Applicant asserts that paragraph 0102 was amended to correct the previously-noted informalities (page 12 of the present response), it is noted that there is an inconsistency between the marked-up copy of the substitute specification where this issue was not corrected and the clean copy of the substitute specification where this issue may have been corrected.
The disclosure is objected to because of the following informalities:  
The specification includes minor grammatical and other errors.  For example, in paragraph 0102, lines 7-8, (see the marked-up copy of the substitute specification 
Appropriate correction is required.  Applicant’s cooperation is again requested in correcting any errors of which applicant may become aware in the specification.
The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter.  See 37 CFR 1.75(d)(1) and MPEP § 608.01(o).  Correction of the following is required:  Claims 1 and 11 have been amended to recite “when the client device is not synchronized with the communication server, obtain a time limit of validity of the security token…”  Although the specification describes obtaining a time limit of validity, there is not clear antecedent basis for such a step to be performed when the client device is not synchronized.  For further detail, see below with reference to the rejection under 35 U.S.C. 112(a) for failure to comply with the written description requirement.

Claim Objections

The objections to Claims 21 and 22 for informalities are withdrawn (or moot) in light of the amendments to (or cancellation of) the claims.

Claim Rejections - 35 USC § 112

The rejection of Claims 4, 14, and 22 under 35 U.S.C. 112(b) as indefinite is moot in light of the cancellation of the claims.  The rejection of Claims 1, 2, 5-12, and 

The following is a quotation of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, 2, 5-12, and 15-21 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claims 1 and 11 have been amended to recite “when the client device is not synchronized with the communication server, obtain a time limit of validity of the security token…”  Although the specification describes obtaining a time limit of validity (see paragraph 0037 of the present specification), there is no mention in the specification of such a step being performed specifically when the client device is not synchronized.  Therefore, there is not clear written description of the claims as amended.


The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1, 2, 5-12, and 15-21 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites that the communication server is further configured to “issue and transmit a lifetime of the security token… with the security token” in lines 22-23.  It is not clear whether this is a distinct function of issuing and transmitting the security token as in lines 18-19 or a further limitation on the previously recited function.  The claim further recites “a time limit of validity” in line 25.  There is not a clear distinction between the lifetime and the time limit.  The above ambiguities render the claim indefinite.
Claim 8 recites “a public key and a private key” in line 2.  It is not clear whether these are intended to refer to the same public and private key as in Claim 1 or to new public and private keys.
Claim 11 recites that “issuing and transmitting a lifetime of the security token… with the security token” in lines 16-17.  It is not clear whether this is a distinct step of issuing and transmitting the security token as in lines 14-15 or a further limitation on the 
Claim 18 recites “a public key and a private key” in line 2.  It is not clear whether these are intended to refer to the same public and private key as in Claim 11 or to new public and private keys.
Claim 19 recites “The method according to claim 16, wherein: communicating” in lines 1-2.  This is grammatically unclear, although it appears that this may be intended to recite that the method further comprises the step of communicating.
Claim 20 recites “The method according to claim 11, wherein: communicating” in lines 1-2.  This is grammatically unclear, although it appears that this may be intended to recite that the method further comprises the step of communicating.
Claim 21 recites “recognize the lifetime of the security token” in line 6.  It is not clear what recognition of the lifetime would entail and/or how this would be used.
Claims not specifically referred to above are rejected due to their dependence on a rejected base claim.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 5-12, and 15-21 are rejected under 35 U.S.C. 103 as being unpatentable over Baum et al, US Patent Application Publication 2015/0222621, in view of Manning, US Patent 9118645.
In reference to Claim 11, Baum discloses a method for providing a cloud service using a service providing system that includes a cloud platform that includes a security database that stores a device ID and a pair of a public and private key corresponding to the device ID (Figure 2, token database 62) and a communication server (Figure 2, server 60), where the method includes receiving a request to issue a security token from a client device where the request includes a device ID of the client device and data encrypted with a public key (paragraphs 0057-0058); determining whether the encrypted data can be decrypted with the private key corresponding to the client device by referring to the database (paragraph 0058) and decrypting the encrypted data with the private key and determining whether decrypted data includes the device ID (paragraphs 0034, 0058); and in response to the data being decrypted with the private key, issuing and transmitting a security token to the client device (paragraphs 0036, 
Manning discloses a method that includes issuing a security token along with a lifetime and obtaining a time limit of validity of the token calculated based on a reference time and the lifetime (column 5, lines 7-44, issuing a token, and lines 45-55, issuing lifetime and obtaining expiration time, i.e. time limit of validity, based on reference time and lifetime; see also column 9, lines 26-28 and 39-59), and if the current time has not passed the time limit, indicating that the token is valid (column 4, lines 59-65; see also column 10, lines 25-34).  Therefore, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the method of Baum to include the lifetime and time limit of validity as taught by Manning, in order to securely distribute credentials to clients (see Manning, column 2, lines 54-65).
In reference to Claim 12, Baum and Manning further disclose retrieving the private key using a device ID (Baum, paragraph 0036).
In reference to Claim 15, Baum and Manning further disclose issuing and updating a lifetime of the security token (see Manning, column 5, lines 45-55).
In reference to Claims 16-18, Baum and Manning further disclose storing a configuration file composed of the device ID and public key, obtaining the configuration file, and transmitting the configuration file to the client device, and generating or updating the configuration file (see Baum, paragraphs 0025 and 0035).
In reference to Claims 19 and 20, Baum and Manning further disclose HTTPS communication (see Baum, paragraphs 0033 and 0041).

mutatis mutandis.
In reference to Claim 21, Baum and Manning further disclose specifying a client device based on the device ID and security token and lifetime (see Baum, paragraphs 0034-0035).

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Yamamoto et al, US Patent 7478114, discloses a system that includes determining an expiration time for a token using a current time and validity period.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870. The examiner can normally be reached Monday-Friday, 9:30am-6:00pm, Eastern Time.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Zachary A. Davis/Primary Examiner, Art Unit 2492