DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Amendment
The Amendment filed on 04/25/2022 has been entered. 
The double patenting rejection is withdrawn in view of terminal disclaimer filed on 04/25/2022.
The rejection of claims 1-20 under 35 U.S.C. 101 is withdrawn in view of applicant’s remarks.
Claims 1-20 are pending of which claims 1, 9 and 16 are independent claims.

Response to Arguments
Applicant's arguments filed on 04/25/2022 have been fully considered but they are not persuasive.  
In response to applicant’s remarks on pages 9-11 regarding 35 U.S.C. 103:
Applicant argues regarding claim 1 and the limitation of “receiving, by the network device from the first computing system and based on the response, an indication of permission” that “the authentication processes performed in Rosati, such as those described with reference to ¶¶ [0027] and [0028], are not performed by the VPN gateway 6. As can be seen, the VPN gateway 6 of Rosati is not the authentication server 12, nor the mobile device 10 that the Office relies on to disclose the other features of independent claim 1”. Examiner acknowledges Applicant’s perspective but respectfully disagrees for the following reasons:
As described in Rosati and Fig. 2 (similar to the example shown in Fig. 1), a request originating from the VPN client 20 on the computing device 4 at stage 3 initiates an authentication of the associated user by the VPN gateway 6 at stage 4. Instead of sending the challenge to the mobile device 10 via a wireless network 8″, the challenge is sent at stage 5 to the VPN gateway 6 to be routed through the VPN client 20 to the cryptographic module 18 on the mobile device. In this way, the authentication server 12 does need to attempt to deliver the challenge over the wireless network only to determine that the mobile device 10 is out-of-coverage (see paragraph [0030]). Further, Rosati at paragraph [0031] discloses that the VPN gateway 6 routes the response to the authentication server 12 to enable the authentication server 12 to verify the signature on the challenge using the public key Ai associated with the user. The authentication server 12 may then return a confirmation to the VPN gateway 6 that the signature has been verified at stage 7 (or a message indicating the signature has been rejected).
Therefore, Rosati teaches the limitation “receiving, by a network device and from a first computing system, a challenge message; sending, by the network device and to the first computing system, a response to the challenge message; and receiving, by the network device from the first computing system and based on the response, an indication of permission” as disclosed in claim 1, and claim 1 is therefore rejected. Independent claims 9, 16 and dependent claims 2-8 and 17-20 are also rejected for reasons similar to claim 1.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-5, 7-13, 15-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Rosati et al. (US 2013/0046976, hereinafter Rosati) in view of Scherer (Pub. No.: US 2013/0073847).
Regarding claim 1: Rosati discloses a method comprising: 
receiving, by a network device and from a first computing system, a challenge message (Rosati - [0027]: The authentication server 12 initiates a challenge/response protocol and sends a cryptographic challenge at stage 5 to the mobile device 10 associated with the user making the request in stage 3. [0030]: Fig. 2, the challenge is sent at stage 5 to the VPN gateway 6 to be routed through the VPN client 20); 
sending, by the network device and to the first computing system, a response to the challenge message (Rosati - [0028]: The authentication server 12 receives the response. [0031]: sending the response to the VPN client 20 on the computing device 4 to enable the VPN client 20 to send the response over the secure channel established with the VPN gateway 6); and 
receiving, by the network device from the first computing system and based on the response, an indication of permission (Rosati - [0028]: If the signature can be verified, the authentication server 12 confirms verification with the VPN gateway 6 at stage 7. The VPN gateway 6 then allows access to the private network 2 at stage 8. [0031]: authentication server 12 to verify the signature on the challenge using the public key Ai associated with the user. The authentication server 12 may then return a confirmation to the VPN gateway 6).
Although Rosati discloses transmitting permission to access a private network, it does not explicitly teach, but Scherer discloses: permission to transmit non-secure data between a user device and a second computing system (Scherer - [0058]: if there is no such rule, or there is a rule specifically permitting unsecured outgoing traffic, then the VP 110 sends the data 101, via I/O 112, to the server 120 in an unsecured form over network 140).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Rosati with Scherer so that permission to transmit non-secure data is determined. The modification would have allowed the system to transmit permission for non-secure data.
Regarding claim 2: Rosati as modified discloses wherein the receiving, from the first computing system, a challenge message comprises receiving the challenge message via the second computing system (Rosati - [0030]: the challenge is sent at stage 5 to the VPN gateway 6 to be routed through the VPN client 20 to the cryptographic module 18 on the mobile device).
Regarding claim 3: Rosati as modified discloses wherein the first computing system comprises an authentication server (Rosati - [0028]: The authentication server 12, Fig. 1), and wherein the second computing system comprises a content server (Scherer - [0038]: remote devices 120, 130 comprise a database server 120).
The reason to combine is similar to that of claim 1.
Regarding claim 4: Rosati as modified discloses wherein the first computing system is associated with the second computing system (Scherer - [0037]: security module 117 executes a set of security and configuration rules 118 (collectively, “security rules 118”) used to encrypt, decrypt, authenticate, and/or otherwise secure communications between the VP 110 and one or more remote devices (e.g., server 110, personal computer 120), vision processors, and/or other networked devices).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Rosati with Scherer so that the authentication server is associated with the content server. The modification would have allowed the system to communicate non-secure data after authentication to protect unencrypted data.
Regarding claim 5: Rosati as modified discloses further comprising:
receiving, by the network device and from the user device, a message indicative of a request to access data associated with the second computing system (Rosati - [0027]: the computing device 4 utilizes the VPN client 20 to request access to the private network 2 by communicating with the VPN gateway 6 over a public network 8); and
sending, by the network device and to the second computing system, a message indicative of a request for service from the second computing system (Rosati - [0027]: The VPN gateway 6 after receiving such a request initiates an authentication of the associated user at stage 4 by communicating with the authentication server 12),
wherein the receiving the challenge message is based on the sending the message indicative of the request for service from the second computing system (Rosati - [0027]: The authentication server 12 initiates a challenge/response protocol and sends a cryptographic challenge at stage 5 to the mobile device 10 associated with the user making the request in stage 3, see also [0030-0031]).
Regarding claim 7: Rosati as modified discloses wherein the network device comprises at least one of a gateway, a DOCSIS device, or a remote customer premises equipment (rCPE) (Rosati - [0024]: Fig. 1, a VPN gateway 6).
Regarding claim 8: Rosati as modified discloses wherein the user device comprises at least one of a wireless consumer device, a computer, a sensor, an effector, a control, an industrial device, or retail equipment (Rosati - [0023]: mobile devices may include, without limitation, cellular phones, smart-phones, wireless organizers, pagers, personal digital assistants, computers, laptops, handheld or other wireless communication devices).
Regarding claims 9-13 and 15: Claims are directed to apparatus/device claims and do not teach or further define over the limitations recited in claims 1-5 and 7. Therefore, claims 9-13 and 15 are also rejected for similar reasons set forth in claims 1-5 and 7. 
Regarding claims 16-18 and 20: Claims are directed to method/computer readable medium claims and do not teach or further define over the limitations recited in claims 1-3 and 5. Therefore, claims 16-18 and 20 are also rejected for similar reasons set forth in claims 1-3 and 5. 

Claims 6, 14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Rosati et al. (US 2013/0046976, hereinafter Rosati) in view of Scherer (Pub. No.: US 2013/0073847) and Townsley et al. (Pub. No.: US 2007/0203990, hereinafter Townsley).
Regarding claims 6, 14 and 19: Rosati as modified does not explicitly teach, but Townsley discloses:
further comprising: 
receiving, by the network device and from the first computing system, a timeout notice that comprises an indication of a time interval (Townsley - [0032]: a DHCP client operating on a device communicates with one or more DHCP servers to obtain configuration information, including an IP address for the client's host device. The configuration data is valid for a limited time interval, called a lease time);
sending, by the network device and prior to the expiration of the indicated time interval, a keep-alive message (Townsley - [0032]: Before the lease expires at the end of the lease time interval, the DHCP client may send a renew request message to extend the lease for some period of time); and
receiving, by the network device and from the first computing system, information indicating the permission is continued (Townsley - [0068-0070]: If in step 640 it is determined that a DHCP lease for communications between the customer node and nodes on the IP network does not expire, … determined whether a DHCP echo request is received among the unicast IP data packets … determined whether the echo request is valid). 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Rosati and Scherer with Townsley so that a time interval configuration is received from the server and a renew message is sent before timeout for continuing the service. The modification would have allowed the system to extend service.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
VAS et al. (Pub. No.: US 2011/0314346) - Identifying a slice name information error in a dispersed storage network
Uefuji et al. (Pub. No.: US 2015/0156058) - Management server
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437