DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The 2/22/22 IDS has been considered by the examiner.

Response to Amendment / Arguments
Regarding claims rejected under 35 USC 103:
Applicant’s arguments, in view of the amended claim language, have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Bransdma (EP 3,059,919 A1).

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 4-8, 11-15, and 18-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of copending Application No. 16/804,511 in view of Shambroom (US 2001/0020274 A1), Nadalin (US 2005/0278534 A1), and Bransdma (EP 3,059,919 A1). As per exemplary independent claim 1 below, the co-pending claims are substantially identical to those of the instant application, but do not recite “send a query to an enterprise gateway to determine if the enterprise gateway has a locally stored copy of an encryption key associated with the user identifier; receive a reply to the query, the reply indicating that the enterprise gateway has the locally stored copy of the encryption key associated with the user identifier; in response to receipt of the reply to the query.” However, at least [0110] and [0125] of Shambroom concern requesting cached key data from a gateway. Further, at least [0049] and [0053] of Nadalin concern formatting requests and responses between services via XML document and embedding key data into the XML document. Therefore it would have been obvious to one of ordinary skill in the art to modify the co-pending claim to further include requesting and retrieving cached gateway key data via XML document for at least the purpose of reducing memory requirements at the computing device and to attain benefits of XML (i.e., simplicity, generality, and usability). The co-pending claims further do not recite sending the device public key to the gateway for encryption of the profile and forwarding the encrypted profile. However, at least [0019]-[0020] and [0023]-[0025] of Bransdma disclose sending a joining device’s public key to a gateway for encrypting a network key for transmission to the joining device via a proxy.
Therefore it would have been obvious to one of ordinary skill in the art to modify the co-pending claim to further include securing gateway information via encryption for at least the purpose of increasing security as described in [0018] of Bransdma (e.g., preventing information from being exposed in transit).
Claims 4-7 are rejected as below. Independent claims 8 and 15 are substantially similar to exemplary independent claim 1 below, and are likewise rejected for substantially the same reasons. Claims 11-14, and 18-20 are substantially similar to claims 4-7 above and are likewise rejected. Claims 2-3, 9-10, and 16-17 are not rejected under double patenting.

Instant Application, claim 1:
1. A system, comprising:
a computing device comprising a processor and a memory; and machine-readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least:
receive an enrollment request from a client device; wherein the client device comprises a client device key pair comprising a client device public key and a respective client device private key, and wherein the enrollment request comprises the client device public key;
send a key request to a certificate provider, the key request comprising a user identifier;
send a query to an enterprise gateway to determine if the enterprise gateway has a locally stored copy of an encryption key associated with the user identifier;
receive a reply to the query, the reply indicating that the enterprise gateway has the locally stored copy of the encryption key associated with the user identifier;
in response to receipt of the reply to the query, send a skeleton payload and the client device public key to an enterprise gateway;
relay an encrypted profile from the enterprise gateway to the client device, the encrypted profile comprising the skeleton payload with an encryption key inserted by the enterprise gateway into the skeleton payload, wherein the encrypted profile is encrypted by the enterprise gateway using the client device public key.

Co-pending Application No. 16/804,511, claim 1:
1. (Original) A system, comprising: a computing device comprising a processor and a memory; and machine-readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least:
receive an enrollment request from a client device;
send a key request to a certificate provider, the key request comprising a user identifier;
send a skeleton payload to an enterprise gateway, wherein the skeleton payload is a preformatted file comprising one or more empty elements.
receive an encrypted profile from the enterprise gateway, the encrypted profile comprising the skeleton payload with an encryption key inserted by the enterprise gateway into the skeleton payload; and
send the encrypted profile to the client device.

Claims 4-7 (Instant Application first, Co-pending Application No. 16/804,511 second):
4. The system of claim 1, wherein the encrypted profile further comprises a certificate included in the skeleton payload and the certificate comprises the encryption key.
4. (Original) The system of claim 1, wherein the encrypted profile further comprises a certificate included in the skeleton payload and the certificate comprises the encryption key.
5. The system of claim 4, wherein the certificate is a Secure / Multipurpose Internet Mail Extensions (S/MIME) certificate.
5. (Original) The system of claim 4, wherein the certificate is a Secure / Multipurpose Internet Mail Extensions (S/MIME) certificate.
6. The system of claim 1, wherein the machine-readable instructions further cause the computing device to sign the encrypted profile with a signing certificate.
6. (Original) The system of claim 1, wherein the machine-readable instructions further cause the computing device to sign the encrypted profile with a signing certificate.
7. The system of claim 1, wherein the enrollment request comprises the user identifier.
7. (Original) The system of claim 1, wherein the enrollment request comprises the user identifier.


This is a provisional nonstatutory double patenting rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-11, 13-18, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shambroom (US 2001/0020274 A1) in view of Nadalin (US 20050278534 A1) and Bransdma (EP 3,059,919 A1).

Regarding claim 1, Shambroom discloses: A system, comprising: 
a computing device comprising a processor and a memory (e.g., FIG. 8 of Shambroom); and 
machine-readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least: 
receive an enrollment request from a client device; 
Refer to at least [0059]-[0061] of Shambroom with respect to a client request and associated login form.
send a key request to a certificate provider, the key request comprising a user identifier; 
Refer to at least [0065]-[0067] of Shambroom with respect to a server request to a KDC concerning the client and user info from the login form.
send a query to an enterprise gateway (gateway certificate server 2440; e.g., at least FIG. 8 of Shambroom) to determine if the enterprise gateway has a locally stored copy of an encryption key associated with the user identifier; 
Refer to at least [0110] and [0125] of Shambroom with respect to requesting cached key data from the gateway certificate server.
[obtain] an encrypted profile from the enterprise gateway to the client device, the encrypted profile comprising [a payload] with an encryption key inserted by the enterprise gateway into [the payload]; and 
Refer to at least [0067] of Shambroom with respect to encrypted Kerberos communications.
Refer to at least [0111]-[0113] of Shambroom with respect to obtaining the requested cached key data. 
Refer to at least [0069] of Shambroom with respect to the client obtaining the cached key data. 
Shambroom does not fully specify: receive a reply to the query, the reply indicating that the enterprise gateway has the locally stored copy of the encryption key associated with the user identifier; in response to receipt of the reply to the query, send a skeleton payload to an enterprise gateway; the encrypted profile comprising the skeleton payload; with an encryption key inserted by the enterprise gateway into the skeleton payload; wherein the client device comprises a client device key pair comprising a client device public key and a respective client device private key, and wherein the enrollment request comprises the client device public key; send a skeleton payload and the client device public key; relay an encrypted profile from the enterprise gateway to the client device; wherein the encrypted profile is encrypted by the enterprise gateway using the client device public key.
However, Shambroom in view of Nadalin discloses: receive a reply to the query, the reply indicating that the enterprise gateway has the locally stored copy of the encryption key associated with the user identifier; in response to receipt of the reply to the query, send a skeleton payload to an enterprise gateway; the encrypted profile comprising the skeleton payload; with an encryption key inserted by the enterprise gateway into the skeleton payload;
Refer to at least [0049] and [0053] of Nadalin with respect to formatting requests and responses between services via XML document, and with respect to embedding key data into the XML document.
Shambroom-Nadalin in view of Bransdma further discloses: wherein the client device comprises a client device key pair comprising a client device public key and a respective client device private key,
Refer to at least [0020] of Bransdma with respect to a device attempting to join a network, wherein the device has a public-private key pair.
and wherein the enrollment request comprises the client device public key;
Refer to at least [0020] and steps 1-2 on page 6 of Bransdma with respect to use of the public key of the joining device for attempting to join the network.
send a skeleton payload and the client device public key; relay an encrypted profile from the enterprise gateway to the client device; wherein the encrypted profile is encrypted by the enterprise gateway using the client device public key.
Refer to at least [0019]-[0020] and [0023]-[0024] and steps 3-7 of Bransdma with respect to the joining device’s public key being provided by a proxy to a gateway, the gateway encrypting a network key with the public key and then sending the encrypted network key to the joining device via the proxy. 
The teachings of Shambroom and Nadalin concern certificate retrieval and validation, and are considered to be within the same field of endeavor and combinable as such. The teachings of Shambroom-Nadalin and Bransdma both concern network joining and are likewise considered to be combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Shambroom with those of Nadalin to include requests and responses between services via XML documents with embedded key data for at least the purpose of attaining the benefits of XML (i.e., simplicity, generality, and usability). It further would have been obvious to modify the teachings of Shambroom-Nadalin to include securing gateway information via encryption for at least the purpose of increasing security as described in [0018] of Bransdma (e.g., preventing information from being exposed in transit).

Regarding claim 2, Shambroom-Nadalin-Bransdma discloses: The system of claim 1, wherein the machine-readable instructions further cause the computing device to at least: retrieve a request identifier from the enrollment request; generate a response identifier based at least in part on the request identifier; and insert the response identifier into the skeleton payload, where the skeleton payload is sent to the enterprise gateway subsequent to insertion of the response identifier.
Refer to at least [0049] of Nadalin, wherein the “XML document may be accompanied by a digital certificate for the user/client that is requesting the transaction, e.g., such that the user/client can positively assert its identity.”
This claim would have been obvious for substantially the same reasons as claim 1 above.

Regarding claim 3, Shambroom-Nadalin-Bransdma discloses: The system of claim 1, wherein the machine-readable instructions further cause the computing device to at least: retrieve a session identifier from the enrollment request; and insert the session identifier into the skeleton payload, wherein the skeleton payload is sent to the enterprise gateway subsequent to insertion of the session identifier.
Refer to at least [0049] of Nadalin, wherein the “XML document may be accompanied by a digital certificate for the user/client that is requesting the transaction, e.g., such that the user/client can positively assert its identity.”
Refer to at least [0060] and [0065]-[0066] of Shambroom with respect to exemplary session identifiers such as a session key and/or user principal data.
This claim would have been obvious for substantially the same reasons as claim 1 above.

Regarding claim 4, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations concerning the certificate).

Regarding claim 6, Shambroom-Nadalin-Bransdma discloses: The system of claim 1, wherein the machine-readable instructions further cause the computing device to sign the encrypted profile with a signing certificate.
Refer to at least [0033] of Nadalin with respect to digital signatures; [0007] with respect to digital signatures and certificates.  
This claim would have been obvious because all of the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art at the time (i.e., signatures and associated certificates).

Regarding claim 7, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations concerning the client request).

Regarding independent claim 8, it is substantially similar to independent claim 1 above, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationale).

Regarding claims 9-11 and 13-14, they are substantially similar to claims 2-4 and 6-7, and are therefore likewise rejected.

Regarding independent claim 15, it is substantially similar to independent claim 1 above, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationale).

Regarding claims 16-18 and 20, they are substantially similar to claims 2-4 and 6, and are therefore likewise rejected.

Claims 5, 12, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shambroom-Nadalin-Bransdma as applied to claims 1-4, 6-11, 13-18, and 20 above, and further in view of Mistry (US 20180145971 A1).

Regarding claim 5, Shambroom-Nadalin-Bransdma does not specify: wherein the certificate is a Secure / Multipurpose Internet Mail Extensions (S/MIME) certificate. However, Shambroom-Nadalin-Bransdma in view of Mistry discloses: wherein the certificate is a Secure / Multipurpose Internet Mail Extensions (S/MIME) certificate. 
Refer to at least [0006] of Mistry with respect to S/MIME certificates as an exemplary type of certificate. 
The cited teachings of Mistry concern certificates for network access and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Shambroom-Nadalin-Bransdma to further include S/MIME certificates because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time (i.e., the type of certificate used).

Regarding claims 12 and 19, they are substantially similar to claims 2-4 and 6-7, and are therefore likewise rejected.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/
Supervisory Patent Examiner, Art Unit 2432

/V.S/
Examiner, Art Unit 2432