DETAILED ACTION
This Action is in consideration of the Applicant’s response on May 16, 2022.  Claims 23, 25, 42, and 43 are amended by the Applicant.  Claims 23, 25, and 27 – 44, where Claims 23 and 42 – 44 are in independent form, are presented for examination.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on April 20, 2022 was filed before the mailing date of the current action.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Response to Arguments
	Applicant’s arguments filed May 16, 2022 have been fully considered but they are not persuasive.  Applicant argued:
a)	Regarding Claims 23, 42, and 43, Phuong does not disclose or suggest the limitation of “activate, at a router in response to detecting of the entry of the terminal from the command-line interface, a command monitoring mode in which the router monitors the terminal for detecting commands entered via the terminal.”
b)	Regarding Claim 44, Phuong does not disclose or suggest the limitation of “detect, by a command management element of a router based on a command monitoring mode configured to use at least one of a command tracing function or a command tracking function, a command from a terminal of the router.”
The Office respectfully disagrees with Applicant’s assertions.
1.	With regards to a), the Applicant argues that Phuong merely discloses of obtaining or enabling the user to access privileged debug services [See Remarks, Pg. 2, 2nd Para.].  However, Phuong discloses that this access is provided to the user by activating a privileged debug session by invoking and logging into the SID process via the CLI of the router [Col. 11, lines 31-34; Col. 11, line 53 – Col. 12, line 7].  Therefore, Phuong discloses of “activat[ing], at a router in response to detecting of the entry of the terminal from the command-line interface, a command monitoring mode.”
	Additionally, it is unclear if the Applicant is implying that “monitoring the terminal for detecting commands entered via the terminal” is more than simply waiting for a command to be entered to executed.  The Office reminds the Applicant that the pending claims must be "given the broadest reasonable interpretation consistent with the specification" [In re Prater, 162 USPQ 541 (CCPA 1969)] and "consistent with the interpretation that those skilled in the art would reach" [In re Cortright, 49 USPQ2d 1464 (Fed. Cir. 1999)].
	Review of the Applicant’s specification shows that “monitoring” is no different than the router being turned on and operational waiting for the user to enter a command via the CLI.  This “monitoring” is similar to a computer waiting for input signals, such as a command being entered into the CLI or through a mouse click.  There is no indication or disclosure of a polling process or any other type of process that would lead a person to interpret “monitoring” differently.
	To further elaborate Phuong’s debugging service and how it reads the claimed limitations, the example provided within Phuong will be discussed.
	Phuong discloses that when it is time to perform the debugging services, John instructs the customer to open up a CLI session via SSH and to enter administrative credentials.  John further instructs the customer that he will need to gain the bash shell of the CIMC component and the customer must type these commands.  This will invoke a secure login process to obtain the bash shell as a super user or root user (detect, at a router, entry of a terminal from a command-line interface) [See Phuong, Col. 11, lines 53-63].
	Phuong further discloses that after the customer enters his credentials and his credentials contain the correct privilege levels to grant SID access, the privileged session is achieved [Col. 12, lines 5-7, 31-33].  As stated above, Phuong discloses of activating a privileged debug session going through this process [See Fig. 2; Col. 11, lines 31-34].  The customer obtains the bash shell as a super user or root user (entry of a terminal) by entering commands and authentication credential of the SID process.  Once this privileged session is achieved via the bash shell, the customer can then type in various commands (activate, at a router in response to detection of the entry of the terminal from the command-line interface, a command monitoring mode in which the router monitors the terminal for detecting commands entered via the terminal) to obtain enough data to root cause or solve the issue [Col. 12, lines 31-44].  The commands are processed by the router to perform privileged functions on the router, such as the “eat somefile.txt” that will give the customer a general status report of an application on the router (detect, at the router based on the command monitoring mode, a command entered via the terminal) [See Phuong, Col. 12, lines 38-42].
2.	With regards to b), the Applicant merely opines that Phuong does not disclose the claimed limitation [See Remarks, Pg. 3; 3rd Para.].  Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.  Additionally, the pending claims must be "given the broadest reasonable interpretation consistent with the specification" [In re Prater, 162 USPQ 541 (CCPA 1969)] and "consistent with the interpretation that those skilled in the art would reach" [In re Cortright, 49 USPQ2d 1464 (Fed. Cir. 1999)].
	As indicated in the prior Office Action, Phuong discloses that during the privileged debug session, the SID client determines whether each command or action entered on the router is allowed for execution, which limits the nature and the number of commands that may be executed (detect, by a command management element of a router based on a command monitoring mode configured to use a command tracking function, a command from a terminal of the router) [Col. 10, lines 6-23].  In other words, the SID client tracks which commands/actions are allowed for the privileged debug session.  Therefore, the limitations are not distinguishable over the prior art.
Claim Rejections - 35 USC § 102
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 23, 25, 27 – 38, and 42 – 44 are rejected under 35 U.S.C. 102(a)(2) as being unpatentable over U.S. Patent 10,129,232 (hereinafter “Phuong”).
3.	Regarding Claims 23 and 42 – 43, Phuong discloses of an apparatus [Fig. 1B; Col. 3, line 30; customer product, e.g., router with SID client, etc.], comprising: 
at least one processor [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; processor]; and
at least one memory (CRM Claim 42) including computer program code [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; memory storing instructions];
wherein the at least one memory and the computer program code are configured to, with the at least one processor [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to], cause the apparatus to (method Claim 43) at least:
detect, at a router, entry of a terminal from a command-line interface [Col. 11, lines 31-34, lines 53-63; commands and credentials are entered via CLI of the router to activate privileged debug session];
activate, at a router in response to detection of the entry of the terminal from the command-line interface, a command monitoring mode in which the router monitors the terminal for detecting commands entered via the terminal [Col. 3, lines 44-48, Col. 6, lines 52-56, Col. 11, lines 31-34, lines 53-63, Col. 12, lines 31-44; activate and obtain access to privileged debug services via logging into a bash terminal via CLI of the SID client; commands can then be entered via CLI in the privileged debug session];
detect, at the router based on the command monitoring mode, a command entered via the terminal [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered using the bash terminal via CLI of the SID client to access privileged debug services are each determined if they are allowed or not]; and
initiate, at the router, a process for authorization of the command [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered by the user are determined by the SID client if they are allowed for execution before they are executed during privileged debug service].
4.	Regarding Claim 25, Phuong discloses all the limitations of Claim 23 above.  Phuong further discloses that the command is detected based on a terminal profile created at the router responsive to the entry of the terminal from the command-line interface [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; user is authenticated and then determined if the customer has the correct privilege level to invoke the debugger/SID].
5.	Regarding Claim 27, Phuong discloses all the limitations of Claim 23 above.  Phuong further discloses that the terminal is a Linux terminal and the command is a Linux command [Col., 3, lines 41-43; Col. 11, lines 54-63; Linux shell].
6.	Regarding Claim 28, Phuong discloses all the limitations of Claim 27 above.  Phuong further discloses that the Linux terminal is a BASH terminal [Col., 3, lines 41-43; Col. 11, lines 54-63; bash Linux shell].
7.	Regarding Claim 29, Phuong discloses all the limitations of Claim 23 above.  Phuong further discloses that the command is a system level command, wherein the command is detected based on a command tracing function [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; customer has the correct privilege level to invoke the debugger/SID client that parses each command entered to determine if they are allowed for execution].
8.	Regarding Claim 30, Phuong discloses all the limitations of Claim 23 above.  Phuong further discloses that the command does not require system level execution, wherein the command is detected based on a command tracking function [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; user is authenticated and then determined if the customer has the correct privilege level to access privileged debug service].
9.	Regarding Claim 31, Phuong discloses all the limitations of Claim 23 above.  Phuong further discloses that, to initiate the process for authorization of the command, the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus to [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to] at least:
send, by the router toward a management element, the command for authorization of the command by the management element [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered in CLI session are determined, by the SID client (management element), if they are allowed for execution during the session before they are executed].
10.	Regarding Claim 32, Phuong discloses all the limitations of Claim 31 above.  Phuong further discloses that, to initiate the process for authorization of the command, the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus to [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to] at least:
send, by the router toward the management element in conjunction with the command, at least one of a user identifier of a user which entered the command, a user session identifier of a user session via which the command was entered, a terminal type of the terminal, or one or more arguments of the command [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered in CLI session are determined, by the SID client (management element), if they are allowed for execution during the session before they are executed].
11.	Regarding Claim 33, Phuong discloses all the limitations of Claim 31 above.  Phuong further discloses that, to send the command toward the management element, the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus to [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to] at least:
provide the command to an authentication, authorization, and accounting (AAA) subsystem of the router that is configured to communicate with the management element for authorization of the command [Col. 7, lines 8-16; Col. 10, lines 61-67; SID client authenticates the user, checks the user authorization, and records various information regarding the privilege debug sessions].
12.	Regarding Claim 34, Phuong discloses all the limitations of Claim 31 above.  Phuong further discloses that the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus to [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to] at least:
receive, by the router from the management element, an authorization response [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered in CLI session are determined, by the SID (management element), if they are allowed for execution during the session before they are executed]; and
determine, by the router based on the authorization response, whether to allow or deny execution of the command on the router [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered in CLI session are determined, by the SID client (management element), if they are allowed for execution during the session before they are executed].
13.	Regarding Claim 35, Phuong discloses all the limitations of Claim 31 above.  Phuong further discloses that the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus to [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to] at least:
receive, by the router from the management element, an authorization response including an indication that execution of the command on the router is authorized [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered in CLI session are determined, by the SID (management element), if they are allowed for execution during the session before they are executed]; and 
initiate, by the router based on the indication that execution of the command on the router is authorized, execution of the command on the router [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered in CLI session are determined, by the SID (management element), if they are allowed for execution during the session before they are executed].
14.	Regarding Claim 36, Phuong discloses all the limitations of Claim 35 above.  Phuong further discloses that the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus to [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to] at least:
provide, via the terminal, an indication that execution of the command on the router is complete [Col. 12, lines 33-43; customer enters commands that produce results, such as a general status report of an application XXX].
15.	Regarding Claim 37, Phuong discloses all the limitations of Claim 31 above.  Phuong further discloses that the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus to [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to] at least:
receive, by the router from the management element, an authorization response including an indication that execution of the command on the router is not authorized [Col. 10, lines 30-33, 55-60; SID client and/or SID server stops the SID process when authentication/authorization is not successful]; and
provide, via the terminal, an indication that execution of the command on the router is not authorized [Col. 10, lines 30-33, 55-60; customer returned back to a safe and secure state].
16.	Regarding Claim 38, Phuong discloses all the limitations of Claim 31 above.  Phuong further discloses that the management element includes a local element of the router configured to perform authorization and accounting functions [Col. 7, lines 8-13, 45-55; Col. 10, lines 4-23; Col. 10, line 61 – Col. 11, line 10; SID client within router performs authorization and accounting functions].
17.	Regarding Claim 44, Phuong discloses an apparatus [Fig. 1B; Col. 3, line 30; customer product, e.g., router with SID client, etc.], comprising: 
at least one processor [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; processor]; and
at least one memory including computer program code [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; memory storing instructions];
wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus to [Col. 18, lines 21-24, 36-48; Col. 19, lines 2-10; instructions executed by processor to] at least:
detect, by a command management element of a router based on a command monitoring mode configured to use at least one of a command tracing function or a command tracking function, a command entered from a terminal of the router [Col. 3, lines 44-48, Col. 6, lines 52-56, Col. 11, lines 53-63; obtain access to privileged debug services via logging into a bash terminal via CLI (command management element) of the SID client; Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered using the bash terminal via CLI of the SID client to access privileged debug services are each determined if they are allowed or not via the SID client]; and
provide, by the command management element of the router toward an authentication, authorization, and accounting element of the router, the command. [Fig. 2; Col. 7, lines 35-50; Col. 10, lines 4-23; commands entered in CLI session via SID client on router during privileged debug service are each determined if they are allowed or not before they are executed by the SID client (authentication, authorization, and accounting element of the router)].
Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 39 – 41 are rejected under 35 U.S.C. 103 as being unpatentable over Phuong, in view of PGPub. 2011/0099255 (hereinafter “Srinivasan”).
18.	Regarding Claim 39, Phuong discloses all the limitations of Claim 31 above.  Phuong further discloses that the SID server can also determine if a command or action is authorized before execution and can perform accounting functions, but occurs before the command is entered on the router [Col. 10, lines 4-23; Col. 10, line 61 – Col. 11, line 10;].  Phuong, however, does not specifically disclose that the management element includes a remote server configured to perform command authorization and accounting functions.
	Srinivasan discloses a system and method authorizing commands entered in an internetworking device for execution [Abstract].  Srinivasan further discloses that the traditional approach within this field included the transmission from the router to the AAA server an authorization request to execute a particular command (includes a remote server configured to perform command authorization and accounting functions) [Figs. 2 and 3; Para. 0022].  It would have been obvious to one skilled in the art before the effective filing date of the current invention to incorporate the teachings of Srinivasan with Phuong since they are both in the field of authorizing the execution of commands on a router.  The combination would have been a designer’s choice as to how authorization of commands are determined (e.g., either by the device or a server).  The motivation to do so is to enable the Phuong system to incorporate an older, known method of sending each command to the AAA server for authorization.  While this method has its own setbacks, this would ensure that commands that are received by the router do not violate established standards or policies before the command or changes are applied [Srinivasan; Para. 0020].
19.	Regarding Claim 40, Phuong, in view of Srinivasan, discloses all the limitations of Claim 39 above.  Srinivasan further discloses that the remote server includes an authentication, authorization, and accounting (AAA) server [Figs. 2 and 3; Para. 0022].
20.	Regarding Claim 41, Phuong, in view of Srinivasan, discloses all the limitations of Claim 40 above.  Srinivasan further discloses that the router, for communication with the remote server, is configured to support at least one of a Terminal Access Controller Access Control System (TACACS) protocol or a Remote Authentication Dial-In User Service (RADIUS) protocol [Para. 0042; both RADIUS and TACACS+ may be used].
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Contacts
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tae K. Kim, whose telephone number is (571) 270-1979.  The examiner can normally be reached on Monday - Friday (10:00 AM - 6:30 PM EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jorge Ortiz-Criado, can be reached on (571) 272-7624.  The fax phone number for submitting all Official communications is (703) 872-9306.  The fax phone number for submitting informal communications such as drafts, proposed amendments, etc., may be faxed directly to the examiner at (571) 270-2979.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free).
/TAE K KIM/Primary Examiner, Art Unit 2496