DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1.The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
2.The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

3.Claims 1-4 and 6-11 are rejected under 35 U.S.C. 102(a)(2) as being anticipated 
Pang (US Pub.No.2020/0120105) 

4.Regarding claims 1,7-11 Pang teaches a system, a computer implemented method, a computer program with a program code for performing a method, a client device for opening a connection in a gateway of a cloud based network for a client device connected via two different network links to the gateway and to a Software Defined Perimeter (SDP) controller, comprising: an SDP controller of a cloud based network configured to: receive a request from a client device to connect to a gateway of the cloud based network; wherein the client device is connected to the SDP controller via a first network link using a first Internet Protocol (IP) address (Figs. 1-2 and Para:0045-048 teaches receiving an application access request; determining a target access point corresponding to the application access request according to a mapping relationship between the access point and an application server obtained from a network; sending a software defined perimeter SDP authentication request to the target access point; 

and to the gateway via a second network link using a second IP address; generate a one-time Single Packet Authentication (SPA) key for the client device after authenticated, the SPA key having a predefined expiration time; transmit the SPA key to the gateway; and transmit, via the first network link, the SPA key to the client device which is configured to transmit the SPA key to the gateway via the second network link, the gateway is configured to open a connection for the client device via the second network link in case the SPA key is valid (Para:0051-0052 teaches the mapping relationship between the application server and the access point includes, for example, “www.baidu.com” corresponds to “222.222.222.1” (that is, the access point with the IP 222.222.222.1 is required to access the baidu); “58.58.58.58” corresponds to “222.222.222.2” (that is, the access point with the IP 222.222.222.2 is required to access 58.58.58.58); and “192.168.1.1” corresponds to “222.222.222.3” (that is, the access point with the IP 222.22.222.3 is required to access 192.168.1.1; as such the different servers each have their own separate IP address.


5. Regarding claim 2 Pang teaches the system, wherein the gateway determines that the SPA key is valid in case the SPA key exists and the expiration time of the SPA key is not expired (Para:0064 and Para:0071-0072 teaches he established data channel has a period of validity (for example, set as 60 seconds), and the key used for application data transmission has a period of validity (for example, set as 3600 seconds), after the arrival of the period of validity of 

6. Regarding claim 3 Pang teaches the system, wherein the SPA key transmitted by the SDP controller to the client device is encrypted using at least one encryption key (Para:0064 and Para:0071-0072 teaches in order to implement secure data transmission, the data transmitted through the data channel need to be encrypted by the key, the key is generated by the key negotiation between the terminal and the access point after the two-way authentication succeeds, the key has a period of validity, the terminal and the access point can directly use the locally stored key to encrypt the data to be transmitted within the period of validity, and if the key exceeds the period of validity, the terminal and the access point need to perform the key negotiation again to re-determine the key).

7. Regarding claim 4 Pang teaches the client device transmits the SPA key to the gateway according to a door knocking sequence initiated by the client device with the gateway (Para:0051-0052 teaches a door knocking sequence initiated by the client device with the gateway).

8.  Regarding claim 6 Pang teaches the system, wherein the SPA key transmitted by the client device to the gateway is encrypted using at least one encryption key (Para:0064 and Para:0071-0072 teaches in order to implement secure data transmission, the data transmitted through the data channel need to be encrypted by the key, the key is generated by the key negotiation between the terminal and the access point after the two-way authentication 

Claim Rejections - 35 USC § 103
9.The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

10.Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Pang (US Pub.No.2020/0120105) as applied to claim 1 above and further in view of Ansari (US Pub.No.20210/0217837)

11. Regarding claim 5 Pang teaches all the above claimed limitations but does not expressly teach the system, wherein the client device transmits the SPA key to the gateway in at least one User Datagram Protocol (UDP) packet.

Ansari teaches the system, wherein the client device transmits the SPA key to the gateway in at least one User Datagram Protocol (UDP) packet (Para:0065 and Para:0104 teaches the client transmits the key to the gateway in at least one User Datagram Protocol (UDP) packet).

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Pang to include the client device 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506. The examiner can normally be reached Mon-Fri: 7:30 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DEREENA T CATTUNGAL/Primary Examiner, Art Unit 2431