DETAILED ACTION

Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objections

Claim 8 is objected to because of the following informalities:  at line 2, there is an unnecessary ‘a’ inserted into the term “a second SA obtaining a request”. In light of Claim 19, examiner believes this second ‘a’ is a typographical error.  Appropriate correction is required.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 3-11 and 13-20 are rejected under 35 U.S.C. 103 as being unpatentable over Stahl (US 20190158453 A1), hereafter S1, in view of Rommer (US 20190364420 A1), hereafter R1.

Regarding Claim 1, S1 discloses the below limitation:	receiving a first data packet sent by an external network device (S1 Fig 4 S202 receive data packets);	verifying an authentication header (AH) packet header of the first data packet by using a (Fig 4 S204 obtain verification of identity; Fig 5 S204b Validate AH); and	sending the first data packet to an internet of things (IoT) device in response to the verification being successful (Fig 4 S206 transmit data packets).
S1 does not disclose the below limitation:	a first security association (SA);
R1 does disclose the below limitation:	a first security association (SA) (R1 Par 30 discloses IPSec SA established between UE and a gateway);
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine verification/authentication of a packet by an intermediate device, as disclosed in S1, with the usage of an IPSec SA for the purpose of verification, as disclosed in R1. When a destination device has limited processing and/or memory capacity, it is beneficial to offload authentication to an intermediate node with more capability. Further, IPSec is a method of authentication known in the art that includes both an encapsulated authentication header (AH) and a security association (SA). Thus, the usage of IPSec AH and SA for the purpose of authentication is known in the art. By using IPSec to authenticate a packet at an intermediate node, the destination node (in this case an IoT device) has reduces requirements for processing and memory capability. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 3, S1 and R1 disclose the limitations of Claim 1.
S1 further discloses the below limitation:	sending a (S1 Par 9 discloses public and private keys wherein packet is verified using the private key; see also Par 70).
S1 does not disclose the below limitation:	a second SA;
R1 does disclose the below limitation:	a second SA (R1 Fig 2 step 116 wherein second SA is disclosed);
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine the aforementioned data transmission method with authenticating a packet via an SA (e.g. using associated keys) as disclosed in S1 with the step of using a second SA as disclosed in R1. Sending a second SA to the IoT device to in order to parse the packet allows end-to-end secure transmission. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 4, S1 and R1 disclose the limitations of Claim 3.
S1 further discloses the below limitation:	wherein the second SA is encrypted by using a local key of the IoT device (S1 Par 70 wherein private key (e.g. local key) is used to encrypt the packet).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine the aforementioned data transmission method with encrypting a packet using a local key, as disclosed in S1. S1 discloses encryption via public, private, and symmetric keys, all of which could potentially read on a “local key” unless applicant specifies otherwise. Encrypting packets with a key as described here is well-understood in the art, and does not significantly contribute to the novelty of the invention. A SA, such as the one described in R1, contains a key management capability. As such, even though S1 doesn’t explicitly disclose the usage of SA for the purpose of encrypting a key, it is obvious in light of S1’s usage of keys in a manner similar to that of an IPSec SA. Encrypting packets via a local key increases security by allowing only those devices with access to the local key to read the packet. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 5, S1 and R1 disclose the limitations of Claim 1.
S1 further discloses the below limitation:	wherein the first SA and the second SA are determined by the IoT device through negotiation with the external network device (S1 Fig 3 step 104a obtain a verification key of the wireless device); and	storing the first SA and the second SA (Par 69 discloses a database of device keys; see also Fig 4 S208).
S1 does not disclose the below limitation:	receiving the first SA and the second SA that are sent by the IoT device,
R1 does disclose the below limitation:	receiving the first SA and the second SA that are sent by the IoT device (R1 Fig 2 step 116 wherein second SA is disclosed),
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine the aforementioned data transmission method with determining SA at a remote device, as disclosed in S1 and also in R1, with the step of storing the SAs. While S1 doesn’t explicitly state that the SAs are stored, it does disclose a database that stores device keys. As device keys are an element of an IPSec SA, it is understood that the database in S1 could also store SAs if they are being used for the purpose of authentication in lieu of keys by themselves. Storing SAs (i.e. key pairs) in a database is what allows the authenticating device to perform a lookup to match and/or find keys to authenticate the packet.  Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 6, S1 discloses the below limitation:	receiving a second data packet sent by an internet of things (IoT) device (S1 Fig 4 S202 receive data packets);	encapsulating an authentication header (AH) packet header of the second data packet by using a first (Par 70 a wireless device can include an AH to integrity protect a data packet); and	sending an encapsulated second data packet to an external network device (Fig 4 S206 transmit data packets).
S1 does not disclose the below limitation:	a first security association (SA);
R1 does disclose the below limitation:	a first security association (SA) (R1 Par 30 discloses IPSec SA established between UE and a gateway);
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine verification/authentication of a packet by an intermediate device, as disclosed in S1, with the usage of an IPSec SA for the purpose of verification, as disclosed in R1. When a destination device has limited processing and/or memory capacity, it is beneficial to offload authentication to an intermediate node with more capability. Further, IPSec is a method of authentication known in the art that includes both an encapsulated authentication header (AH) and a security association (SA). Thus, the usage of IPSec AH and SA for the purpose of authentication is known in the art. By using IPSec to authenticate a packet at an intermediate node, the destination node (in this case an IoT device) has reduces requirements for processing and memory capability. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 7, S1 and R1 disclose the limitations of Claim 6.
S1 does not disclose the below limitation:	wherein the second data packet is sent by the IoT device after being encapsulated by using a second SA.
R1 does disclose the below limitation:	wherein the second data packet is sent by the IoT device after being encapsulated by using a second SA (R1 Fig 4a encapsulate data using IPSec Child SA (e.g. second SA)).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine the aforementioned data transmission method with usage of a second SA as disclosed in R1. Using a second SA allows communication from the IoT device to be secured, as the first SA is used to secure communication to the IoT device. IPSec SAs are used to facilitate secure end-to-end communication, so its usage here is for the intended purpose of increasing security of packets sent by a device. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 8, S1 and R1 disclose the limitations of Claim 6.
S1 does not disclose the below limitation:	receiving a second SA obtaining a request sent by the IoT device; and	sending the second SA to the IoT device.
R1 does disclose the below limitation:	receiving a second SA obtaining a request sent by the IoT device (R1 Fig 2 step 115 and step 116 wherein second SA is created in response to a PDU session request); and	sending the second SA to the IoT device (Fig 5a step 53 IPSec Child SA (e.g. second SA) via first IPSec SA is transmitted).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine the aforementioned data transmission method with creating and transmitting a second SA to an IoT in response to a request, as disclosed in R1. SA can be used to facilitate secure end-to-end communication from a device. In this case, the authorization is offloaded to an intermediate device (e.g. the data transmission device of Claims 1 and 11) in order to reduce strain on the IoT device. Therefore if the IoT device wishes to communicate using secure end-to-end communication, it will need to send a request to the intermediate device to receive an SA to facilitate this offloading scheme. By facilitating the IoT device to request a second SA, the processing/memory requirements of the IoT device can be reduced because it does not need to compute the second SA itself. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 9, S1 and R1 disclose the limitations of Claim 7.
S1 further discloses the below limitation:	wherein the second SA is encrypted by using a local key of the IoT device (S1 Par 70 wherein private key (e.g. local key) is used to encrypt the packet).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine the aforementioned data transmission method with encrypting a packet using a local key, as disclosed in S1. S1 discloses encryption via public, private, and symmetric keys, all of which could potentially read on a “local key” unless applicant specifies otherwise. Encrypting packets with a key as described here is well-understood in the art, and does not significantly contribute to the novelty of the invention. A SA, such as the one described in R1, contains a key management capability. As such, even though S1 doesn’t explicitly disclose the usage of SA for the purpose of encrypting a key, it is obvious in light of S1’s usage of keys in a manner similar to that of an IPSec SA. Encrypting packets via a local key increases security by allowing only those devices with access to the local key to read the packet. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 10, S1 and R1 disclose the limitations of Claim 6.
S1 further discloses the below limitation:	storing the first SA and the second SA (S1 Par 69 discloses a database of device keys; see also Fig 4 S208).
S1 does not disclose the below limitation:	receiving the first SA and the second SA that are sent by the IoT device, wherein the first SA and the second SA are determined by the IoT device through negotiation with the external network device;
R1 does disclose the below limitation:	receiving the first SA and the second SA that are sent by the IoT device, wherein the first SA and the second SA are determined by the IoT device through negotiation with the external network device (R1 Fig 5a step 53 IPSec Child SA (e.g. second SA) via first IPSec SA is transmitted);
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine the aforementioned data transmission method with determining SA at a remote device, as disclosed in S1 and also in R1, with the step of storing the SAs. While S1 doesn’t explicitly state that the SAs are stored, it does disclose a database that stores device keys. As device keys are an element of an IPSec SA, it is understood that the database in S1 could also store SAs if they are being used for the purpose of authentication in lieu of keys by themselves. Storing SAs (i.e. key pairs) in a database is what allows the authenticating device to perform a lookup to match and/or find keys to authenticate the packet.  Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 11, S1 discloses the below limitation:	a receiver (S1 Fig 15 Comm. Interface 420), configured to cooperate with a processor to receive a first data packet sent by an external network device (Fig 4 S202 receive data packets);	the processor (Fig 15 Processing circuitry 410), configured to verify an authentication header (AH) packet header of the first data packet by using a first (Fig 4 S204 obtain verification of identity; Fig 5 S204b Validate AH); and	a transmitter, configured to cooperate with the processor to send the first data packet to an internet of things (IoT) device in response to the verification being successful (Fig 4 S206 transmit data packets).
S1 does not disclose the below limitation:	a first security association (SA);
R1 does disclose the below limitation:	a first security association (SA) (R1 Par 30 discloses IPSec SA established between UE and a gateway);
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine verification/authentication of a packet by an intermediate device, as disclosed in S1, with the usage of an IPSec SA for the purpose of verification, as disclosed in R1. When a destination device has limited processing and/or memory capacity, it is beneficial to offload authentication to an intermediate node with more capability. Further, IPSec is a method of authentication known in the art that includes both an encapsulated authentication header (AH) and a security association (SA). Thus, the usage of IPSec AH and SA for the purpose of authentication is known in the art. By using IPSec to authenticate a packet at an intermediate node, the destination node (in this case an IoT device) has reduces requirements for processing and memory capability. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 13, S1 and R1 disclose the limitations of Claim 11.
S1 further discloses the below limitation:	send a (S1 Par 9 discloses public and private keys wherein packet is verified using the private key; see also Par 70).
S1 does not disclose the below limitation:	a second SA;
R1 does disclose the below limitation:	a second SA (R1 Fig 2 step 116 wherein second SA is disclosed);
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine the aforementioned data transmission device method with authenticating a packet via an SA (e.g. using associated keys) as disclosed in S1 with the step of using a second SA as disclosed in R1. Sending a second SA to the IoT device to in order to parse the packet allows end-to-end secure transmission. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 14, S1 and R1 disclose the limitations of Claim 13.
S1 further discloses the below limitation:	wherein the second SA is encrypted by using a local key of the IoT device (S1 Par 70 wherein private key (e.g. local key) is used to encrypt the packet).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine the aforementioned data transmission device with encrypting a packet using a local key, as disclosed in S1. S1 discloses encryption via public, private, and symmetric keys, all of which could potentially read on a “local key” unless applicant specifies otherwise. Encrypting packets with a key as described here is well-understood in the art, and does not significantly contribute to the novelty of the invention. A SA, such as the one described in R1, contains a key management capability. As such, even though S1 doesn’t explicitly disclose the usage of SA for the purpose of encrypting a key, it is obvious in light of S1’s usage of keys in a manner similar to that of an IPSec SA. Encrypting packets via a local key increases security by allowing only those devices with access to the local key to read the packet. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 15, S1 and R1 disclose the limitations of Claim 11.
S1 further discloses the below limitation:	wherein the device further comprises a memory coupled to the processor (S1 Fig 15 Storage medium 430);	the memory is configured to store the first SA and the second SA (Par 69 discloses a database of device keys; see also Fig 4 S208).
S1 does not disclose the below limitation:	the receiver is further configured to cooperate with the processor to receive the first SA and the second SA that are sent by the IoT device; 
R1 does disclose the below limitation:	the receiver is further configured to cooperate with the processor to receive the first SA and the second SA that are sent by the IoT device (R1 Fig 2 step 116 wherein second SA is disclosed);
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine the aforementioned data transmission device with determining SA at a remote device, as disclosed in S1 and also in R1, with the step of storing the SAs. While S1 doesn’t explicitly state that the SAs are stored, it does disclose a database that stores device keys. As device keys are an element of an IPSec SA, it is understood that the database in S1 could also store SAs if they are being used for the purpose of authentication in lieu of keys by themselves. Storing SAs (i.e. key pairs) in a database is what allows the authenticating device to perform a lookup to match and/or find keys to authenticate the packet.  Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 16, S1 and R1 disclose the limitations of Claim 11.
S1 does not disclose the below limitation:	wherein the data transmission device is a gateway device between the external network and the IoT network, or the data transmission device is an agent node in the IoT network, and	the agent node is configured to exchange data between the gateway device and the IoT device.
R1 does disclose the below limitation:	wherein the data transmission device is a gateway device between the external network and the IoT network, or the data transmission device is an agent node in the IoT network (R1 Fig 3b wherein gateway ngPDG/N3IWF 103 is situated between the network and an IoT device), and	the agent node is configured to exchange data between the gateway device and the IoT device (Fig 3b wherein gateway ngPDG/N3IWF 103 is used to facilitate communication between an IoT device 120 and the network via UP 105).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine the aforementioned data transmission device with performing the steps herein at a gateway situated between an IoT device and the network, as disclosed in R1. IoT devices commonly communicate with the network via a gateway. Gateways are known in the art to perform functions including acting as a relay to facilitate communication and verifying packets. The gateway described here performs the typical functions of a gateway, and as such doesn’t significantly contribute to the novelty of the invention. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 17, S1 discloses the below limitation:	a receiver (S1 Fig 15 Comm. Interface 420), configured to cooperate with a processor to receive a second data packet sent by an internet of things (IoT) device (Fig 4 S202 receive data packets);	the processor (Fig 15 Processing circuitry 410), configured to encapsulate an authentication header (AH) packet header of the second data packet by using a first (Par 70 a wireless device can include an AH to integrity protect a data packet); and	a transmitter (Fig 15 Comm. Interface 420), configured to send an encapsulated second data packet to an external network device (Fig 4 S206 transmit data packets).
S1 does not disclose the below limitation:	a first security association (SA);
R1 does disclose the below limitation:	a first security association (SA) (R1 Par 30 discloses IPSec SA established between UE and a gateway);
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine verification/authentication of a packet by an intermediate device, as disclosed in S1, with the usage of an IPSec SA for the purpose of verification, as disclosed in R1. When a destination device has limited processing and/or memory capacity, it is beneficial to offload authentication to an intermediate node with more capability. Further, IPSec is a method of authentication known in the art that includes both an encapsulated authentication header (AH) and a security association (SA). Thus, the usage of IPSec AH and SA for the purpose of authentication is known in the art. By using IPSec to authenticate a packet at an intermediate node, the destination node (in this case an IoT device) has reduces requirements for processing and memory capability. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 18, S1 and R1 disclose the limitations of Claim 17.
S1 does not disclose the below limitation:	wherein the second data packet is sent by the IoT device after being encapsulated by using a second SA.
R1 does disclose the below limitation:	wherein the second data packet is sent by the IoT device after being encapsulated by using a second SA (R1 Fig 4a encapsulate data using IPSec Child SA (e.g. second SA)).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine the aforementioned data transmission device with usage of a second SA as disclosed in R1. Using a second SA allows communication from the IoT device to be secured, as the first SA is used to secure communication to the IoT device. IPSec SAs are used to facilitate secure end-to-end communication, so its usage here is for the intended purpose of increasing security of packets sent by a device. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.
Regarding Claim 19, S1 and R1 disclose the limitations of Claim 17.
S1 does not disclose the below limitation:	wherein the receiver is further configured to receive a second SA obtaining request sent by the IoT device; and	the transmitter is further configured to send the second SA to the IoT device.
R1 does disclose the below limitation:	wherein the receiver is further configured to receive a second SA obtaining request sent by the IoT device (R1 Fig 2 step 115 and step 116 wherein second SA is created in response to a PDU session request); and	the transmitter is further configured to send the second SA to the IoT device (Fig 5a step 53 IPSec Child SA (e.g. second SA) via first IPSec SA is transmitted).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine the aforementioned data transmission device with creating and transmitting a second SA to an IoT in response to a request, as disclosed in R1. SA can be used to facilitate secure end-to-end communication from a device. In this case, the authorization is offloaded to an intermediate device (e.g. the data transmission device of Claims 1 and 11) in order to reduce strain on the IoT device. Therefore if the IoT device wishes to communicate using secure end-to-end communication, it will need to send a request to the intermediate device to receive an SA to facilitate this offloading scheme. By facilitating the IoT device to request a second SA, the processing/memory requirements of the IoT device can be reduced because it does not need to compute the second SA itself. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim. 
Regarding Claim 20, S1 and R1 disclose the limitations of Claim 18.
S1 further discloses the below limitation:	wherein the second SA is encrypted by using a local key of the IoT device (S1 Par 70 wherein private key (e.g. local key) is used to encrypt the packet).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1 and R1, to combine the aforementioned data transmission device with encrypting a packet using a local key, as disclosed in S1. S1 discloses encryption via public, private, and symmetric keys, all of which could potentially read on a “local key” unless applicant specifies otherwise. Encrypting packets with a key as described here is well-understood in the art, and does not significantly contribute to the novelty of the invention. A SA, such as the one described in R1, contains a key management capability. As such, even though S1 doesn’t explicitly disclose the usage of SA for the purpose of encrypting a key, it is obvious in light of S1’s usage of keys in a manner similar to that of an IPSec SA. Encrypting packets via a local key increases security by allowing only those devices with access to the local key to read the packet. Therefore, it would have been obvious to combine S1 and R1 to obtain the invention, as specified in the instant claim.

Claims 2 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over S1 in view of R1 and further in view of Uddin (US 20200053190 A1), hereafter U1.
Regarding Claim 2, S1 and R1 disclose the limitations of Claim 1.
S1 and R1 do not disclose the below limitation:	removing the AH packet header of the first data packet; and	sending, to the IoT device, the first data packet from which the AH packet header is removed.
U1 does disclose the below limitation:	removing the AH packet header of the first data packet (U1 Fig 5 step 511 remove security information from NWK header); and	sending, to the IoT device, the first data packet from which the AH packet header is removed (Fig 5 step 524 forward packet).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1, R1 and U1, to combine the aforementioned data transmission method with removing the security header (e.g. AH) prior to transmitting the packet to the IoT device, as disclosed in U1. The step of authenticating the packet is done prior to transmitting the packet to the IoT device in order to reduce the strain on IoT devices with limited computing and memory to perform authentication. Because the goal is to prevent the IoT device from performing authentication, transmitting the packet encapsulated with an AH header is unnecessary. By removing the AH header, the IoT device does not need to parse through the header in order to get to the information stored in the packet. Further, removing the AH header reduces the size of the packet that is transmitted, which can reduce congestion. Therefore, it would have been obvious to combine S1, R1 and U1 to obtain the invention, as specified in the instant claim.
Regarding Claim 12, S1 and R1 disclose the limitations of Claim 11.
S1 and R1 do not disclose the below limitation:	wherein the processor is further configured to remove the AH packet header of the first data packet; and	the transmitter is configured to cooperate with the processor to send to the IoT device, the first data packet from which the AH packet header is removed.
U1 does disclose the below limitation:	wherein the processor is further configured to remove the AH packet header of the first data packet (U1 Fig 5 step 511 remove security information from NWK header); and	the transmitter is configured to cooperate with the processor to send to the IoT device, the first data packet from which the AH packet header is removed (Fig 5 step 524 forward packet).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, having the teaching of S1, R1 and U1, to combine the aforementioned data transmission device with removing the security header (e.g. AH) prior to transmitting the packet to the IoT device, as disclosed in U1. The step of authenticating the packet is done prior to transmitting the packet to the IoT device in order to reduce the strain on IoT devices with limited computing and memory to perform authentication. Because the goal is to prevent the IoT device from performing authentication, transmitting the packet encapsulated with an AH header is unnecessary. By removing the AH header, the IoT device does not need to parse through the header in order to get to the information stored in the packet. Further, removing the AH header reduces the size of the packet that is transmitted, which can reduce congestion. Therefore, it would have been obvious to combine S1, R1 and U1 to obtain the invention, as specified in the instant claim.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAWN D MILLER whose telephone number is (571)272-8599. The examiner can normally be reached M-TR 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles C Jiang can be reached on (571) 270-7191. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAWN D MILLER/Examiner, Art Unit 2412                                                                                                                                                                                                        
/WALLI Z BUTT/Examiner, Art Unit 2412