Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Drawings
2.	Applicant’s drawings filed on 12/03/2020 have been inspected and are in compliance with MPEP 608.02.

Specification
3.	The specification filed on 12/03/2020 is acceptable for examination proceedings.

Priority
4.	Application 17111443, filed 12/03/2020, claims priority from Provisional Application 62943753, filed 12/04/2019, and is a continuation in part of 16891012, filed 06/02/2020; 16891012 claims priority from Provisional Application 62856756, filed 06/04/2019. Therefore, the effective filing date for the subject matter defined in the pending claims of this application is 08/28/2019.

Internet Communications
5.	Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax, which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS Web; or (4) the service window on the Alexandria campus. EFS Web is the recommended way to submit the form, since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Claim Rejections – 35 USC §103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

6.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Mehner (US Pub. No. US 2018/0238570 A1, hereinafter referred to as Mehner) in view of Choyi et al. (US Pub. No. US 2017/0005999 A1, hereinafter referred to as Choyi).

Mehner provides that device activities and conditions may be determined by comparing a hash of passwords and shadow files with prior hashes, determining disk utilization, comparing a hash of files in the file system with prior hashes, retrieving records of logins, determining central processing unit (CPU) utilization, and determining memory utilization.

Choyi provides that a typical communication session generally involves a persistent interactive exchange of information between two or more communicating entities (e.g., devices, applications, etc.).

As per claim 1, Mehner (2019/0238570 A1) discloses an information technology (IT) device (fig. 1 and furthermore para. 0023 discloses devices (e.g., desktop computers, terminals, laptops, single-board computers, personal digital assistants (PDA), cellular phones, smartphones, tablet computers, e-book readers, smart watches and wearable devices, etc.), for example), comprising: one or more non-transitory computer-readable media for storing computer-readable program code (para. 0046, for example); and a processor in communication with the one or more non-transitory computer-readable media (fig. 1 depicts one or more remote devices 102 and a network security host system, for example), the processor being operative with the computer-readable program code to perform operations (para. 0046 discloses that “machine readable medium,” “computer-readable medium,” “computer program medium,” and “computer usable medium” are used to generally refer to media such as a random-access memory (RAM); a read only memory (ROM); a removable storage unit (e.g., a magnetic or optical disc, flash memory device, or the like); a hard disk; or the like, for example) including establishing a first secure channel for communication between the IT device (fig. 4 and furthermore para. 0038, for example) and a cloud-computing platform (para. 0024 discloses that network security host system 104 may comprise a cloud computing hosted environment. Cloud computing may generally refer to a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service, for example), receiving a request over the first secure channel for a device user interface (para. 0046 discloses a machine-readable medium as part of a computer program product, which is loaded into a computer system or other device or machine via a removable storage drive, hard drive, or communications interface, for example), wherein the request is initiated by a user device via the cloud-computing platform (para. 0024, for example), retrieving the device user interface (fig. 1 depicts that network security host system 104 may comprise a cloud computing hosted environment; for example, files stored in storage 210 by network security host system 104 may be encrypted using a client public key or a random key that is encrypted using the client public key. Retrieving the stored files by security devices may include decrypting the files or the random key with client private keys that are specific to each of the security devices), establishing a second secure channel on demand for communication between the IT device and the cloud-computing platform (fig. 1 depicts that network security host system 104 may comprise a cloud computing hosted environment. Cloud computing may generally refer to a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services), for example), and forwarding the device user interface over the second secure channel to the cloud-computing platform for communication to the user device (fig. 1 depicts one or more remote devices 102, network security host system 104, network 106, and a private network 108. Private network 108 includes various devices 110-122, shown as a network gateway 110, a laptop computer 112, a workstation computer 114, one or more security devices 116, a file database 118, a printer 120, and servers 122, for example).

Mehner fails to explicitly disclose establishing a second secure channel on demand for communication between the IT device and the cloud-computing platform and forwarding the device user interface over the second secure channel to the cloud-computing platform for communication to the user device.

However, Choyi discloses establishing a second secure channel on demand for communication between the IT device (fig. 36A shows that the secure mobile communications platform can in fact constitute several computers that are linked together in a network or be a virtual machine in a cloud computing context, for example) and the cloud-computing platform, and forwarding the device user interface over the second secure channel to the cloud-computing platform for communication to the user device (fig. 36A depicts that secure mobile communications platform 12 receives and sends requests for establishing primary communication channels between enterprise data sources 22 and the M2M devices 18, which may collect data and send the data, via the communication network 12 or direct radio link, to an M2M application 20 or M2M devices 18, for example).

Mehner and Choyi are analogous art because they both are directed to secure mobile communications platforms that provide primary communication channels, and one of ordinary skill in the art would have had a reasonable expectation of success to modify Mehner with the specified features of Choyi because they are from the same field of endeavor.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Choyi with the teaching of Mehner in order to exchange information between two or more communicating entities [Choyi: par. 0002].

As per claim 2, Mehner as modified by Choyi discloses wherein the processor is operative with the computer-readable program code to establish the first and second secure channels by performing mutual authentication (para. 0162 of Choyi discloses that an AE1 that intends to provide protection to a resource created by it may request the appropriate credentials from an M2M Enrollment Function (MEF). It is assumed that the AE1 and the MEF may have performed a mutual authentication between them and established a secure communications channel using (D)TLS. It is also assumed that the MEF has determined that the AE1 has been authorized to perform such a request, for example).

As per claim 3, Mehner as modified by Choyi discloses wherein the processor is operative with the computer-readable program code to perform the mutual authentication using a same trust certificate for the first and second secure channels (para. 0081 of Choyi discloses that the Security Enabling Function (SEF) may provide credentials for protecting and/or accessing content. The SEF may work as a trusted intermediary such as a Trusted Third Party (TTP) in order to provide Client(s) with access to content. The SEF may be able to provision symmetric credentials as well as public key credentials. It may also function as or interface to an external Certificate Authority (CA), for example).

As per claim 4, Mehner as modified by Choyi discloses wherein the processor is operative with the computer-readable program code to perform the mutual authentication using different trust certificates for the first and second secure channels (paras. 0080, 0081, 0104, 0106, 0108, 0109, 0120 and 0121 of Choyi, for example).

As per claim 5, Mehner as modified by Choyi discloses wherein the processor is operative with the computer-readable program code to generate and validate one or more trust certificates for the mutual authentication with authentication information stored in the IT device (para. 0013 of Choyi discloses that the apparatus may generate an authentication tag associated with the content. Further, the apparatus may send a request to a hosting common services entity to create a resource that contains the secured content and the security parameters. The credentials may be obtained from a trust enablement function, for instance an M2M enrollment function, in accordance with one example).

As per claim 6, Mehner as modified by Choyi discloses wherein the authentication information comprises a unique IT device identifier and a hash of a public hardware-based key (paras. 0006, 0081, 0094 and 0100 disclose that hop-by-hop security associations may be established by means of symmetric keys, by using certificates/raw public keys, or by a bootstrapping process that may be performed directly or remotely by using the services of a device manufacturer or service provider, for example).

As per claim 7, Mehner as modified by Choyi discloses wherein the processor is operative with the computer-readable program code to retrieve the device user interface using a web server implemented in the IT device (para. 0058 of Choyi discloses that the CSE or SCL is a functional entity that may be implemented by hardware and/or software and that provides (service) capabilities or functionalities exposed to various applications and/or devices (e.g., functional interfaces between such functional entities) in order for them to use such capabilities or functionalities, for example).

As per claim 8, Mehner as modified by Choyi discloses wherein the second secure channel comprises a full-duplex communication channel (fig. 36A of Choyi, for example). 

As per claim 9, Mehner discloses a method for cloud-based communication (fig. 1 depicts that network security host system 104 may comprise a cloud computing hosted environment, for example), comprising: receiving, by a cloud-computing platform, from a user device a request for a device user interface of an information technology (IT) device (fig. 1 and furthermore para. 0023 discloses devices (e.g., desktop computers, terminals, laptops, single-board computers, personal digital assistants (PDA), cellular phones, smartphones, tablet computers, e-book readers, smart watches and wearable devices, etc.), for example).

Mehner fails to explicitly disclose sending, by the cloud-computing platform, over a first secure channel the request to the IT device; receiving, by the cloud-computing platform, over a second secure channel the device user interface from the IT device; and sending, by the cloud-computing platform, the device user interface to the user device for presentation.

However, Choyi discloses sending, by the cloud-computing platform, over a first secure channel the request to the IT device (fig. 36A shows that the secure mobile communications platform can in fact constitute several computers that are linked together in a network or be a virtual machine in a cloud computing context, for example); receiving, by the cloud-computing platform, over a second secure channel the device user interface from the IT device; and sending, by the cloud-computing platform, the device user interface to the user device for presentation (fig. 36A depicts that secure mobile communications platform 12 receives and sends requests for establishing primary communication channels between enterprise data sources 22 and the M2M devices 18, which may collect data and send the data, via the communication network 12 or direct radio link, to an M2M application 20 or M2M devices 18, for example; and para. 0078 discloses that a client may also refer to an application or service residing on a machine, a dedicated hardware, or a cloud-based application or service, for example).

Mehner and Choyi are analogous art because they both are directed to secure mobile communications platforms that provide primary communication channels, and one of ordinary skill in the art would have had a reasonable expectation of success to modify Mehner with the specified features of Choyi because they are from the same field of endeavor.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Smullen with the teaching of Mehner in order to exchange information between two or more communicating entities [Choyi: par. 0002].

As per claim 10, Mehner as modified by Choyi discloses starting a cloud session between the user device and the cloud-computing platform upon a first successful user authentication via a cloud user interface (fig. 1 of Mehner discloses that the network 106 may be the Internet, following known Internet protocols for data communication, or any other communication network, e.g., any wide area network (WAN) connection, cellular network, wire-line type connections, wireless type connections, for example).

As per claim 11, Mehner as modified by Choyi discloses starting a device session between the user device and the IT device upon a second successful user authentication via the device user interface (para. 0112 of Choyi discloses that secure hosting may include providing a strong authentication mechanism to access the data, providing a robust authorization mechanism, providing integrity to data, and/or providing confidentiality of data, for example).

As per claim 12, Mehner as modified by Choyi discloses monitoring the device session independently from the cloud session (para. 0267 of Choyi discloses that example user interfaces can be used to monitor and control alternative parameters as desired. It will further be understood that GUIs can provide a user with various information in which the user is interested via a variety of charts or alternative visual depictions, for example).

As per claim 13, Mehner as modified by Choyi discloses implementing, by the cloud-computing platform, different session timeouts for the device session and the cloud session (fig. 1 of Choyi shows an example of various communication sessions that may be established between network nodes, and furthermore paras. 0002 and 0005 disclose that communication is performed via on-demand request and response messages. For example, a communication session may be established at a certain point in time, and torn down at a later point in time based on various circumstances (e.g., after the session times out or when one of the entities decides to terminate the session), for example).

As per claim 14, Mehner as modified by Choyi discloses wherein the request for the device user interface is sent in response to a user selection of an element within the cloud user interface (para. 0163 of Choyi discloses that the selection of the algorithm as well as the nonces and Id may be based upon the values within the CryptoParams. The EC-R1 that is created may be based upon the JSON Web Encryption (JWE), and the R1-AT that is created may be based upon the JSON Web Signature, for example).

As per claim 15, Mehner as modified by Choyi discloses establishing the first secure channel using mutual authentication (fig. 36A of Choyi shows that the secure mobile communications platform can in fact constitute several computers that are linked together in a network or be a virtual machine in a cloud computing context, for example).

As per claim 16, Mehner as modified by Choyi discloses establishing the second secure channel using mutual authentication (para. 0162 of Choyi discloses that an AE1 that intends to provide protection to a resource created by it may request the appropriate credentials from an M2M Enrollment Function (MEF). It is assumed that the AE1 and the MEF may have performed a mutual authentication between them and established a secure communications channel using (D)TLS. It is also assumed that the MEF has determined that the AE1 has been authorized to perform such a request, for example).

As per claim 17, Mehner as modified by Choyi discloses wherein the establishing of the second secure channel is initiated on demand in response to the request for the device user interface sent by the user device (para. 0031 of Mehner discloses that device analyzer 204 may periodically retrieve the report from reports 216 to process and determine if any security devices have irregularities. Network security host system 104 may also request device activities and conditions on demand if security devices are suspected of being compromised or have encountered other issues, for example).

As per claim 18, Mehner as modified by Choyi discloses receiving, over the first secure channel, a session identification token that is associated with the device user interface (para. 0013 of Choyi discloses that the apparatus may encrypt the content to create encrypted content. The apparatus may generate an authentication tag associated with the content. Further, the apparatus may send a request to a hosting common services entity to create a resource that contains the secured content and the security parameters. The credentials may be obtained from a trust enablement function, for instance an M2M enrollment function, in accordance with one example).

As per claim 19, Mehner discloses a cloud-based communication system (fig. depicts network security host system 104, which may comprise a cloud computing hosted environment, for example), comprising: a cloud-computing platform (para. 0024 discloses that network security host system 104 may comprise a cloud computing hosted environment. Cloud computing may generally refer to a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service, for example); a user device communicatively coupled to the cloud-computing platform (fig. 1 discloses that at least one security device is communicatively coupled to a private network and configured to generate heartbeat pulses comprising operational snapshots of the at least one security device. The system further comprises one or more host systems configured to communicate with the at least one security device from an external network, for example); and at least one information technology (IT) device communicatively coupled to the cloud-computing platform (para. 0024 discloses that network security host system 104 may comprise a cloud computing hosted environment. Cloud computing may generally refer to a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service, for example).

Mehner fails to explicitly disclose wherein the at least one IT device includes a remote access agent, wherein the remote access agent sends a device user interface over a secure channel to the cloud-computing platform in response to a request from the user device received via the cloud-computing platform, wherein the cloud-computing platform sends the device user interface to the user device for display.

However, Smullen discloses wherein the at least one IT device includes a remote access agent (fig. 1 depicts a system topology that includes a secure mobile communications platform and a plurality of remote user devices associated with users of the secure mobile communications platform, for example), wherein the remote access agent sends a device user interface over a secure channel to the cloud-computing platform in response to a request from the user device received via the cloud-computing platform (fig. 2 depicts that the primary channels 210 are implemented in a cloud computing environment, for example), wherein the cloud-computing platform sends the device user interface to the user device for display (fig. 4 depicts that the input 410 is a touch-sensitive display, such as a touch-sensitive surface, for example).

Mehner and Choyi are analogous art because they both are directed to secure mobile communications platforms and one of ordinary skill in the art would have had a reasonable expectation of success to modify Mehner with the specified features of Choyi because they are from the same field of endeavor.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Choyi with the teaching of Mehner in order to exchange information between two or more communicating entities [Choyi: par. 0002].

As per claim 20, Mehner as modified by Choyi discloses wherein the secure channel is established by mutual authentication using a trust certificate (para. 0162 of Choyi discloses that an AE1 that intends to provide protection to a resource created by it may request the appropriate credentials from an M2M Enrollment Function (MEF). It is assumed that the AE1 and the MEF may have performed a mutual authentication between them and established a secure communications channel using (D)TLS. It is also assumed that the MEF has determined that the AE1 has been authorized to perform such a request, for example).
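The two-channel relay recited in claims 1, 9 and 19, together with the mutual authentication of claims 2 to 6 (identifier plus hash of a public key) and the independently timed cloud and device sessions of claims 10 to 13, as an added illustrative model in Python. It is not code from the application or from Mehner, Choyi or Smullen; the class names, the random 32-byte stand-ins for hardware-based keys, the constructed UI page and the 1800 s / 300 s timeouts are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

def key_fingerprint(pubkey: bytes) -> str:
    return hashlib.sha256(pubkey).hexdigest()   # hash of a (simulated) hardware-based public key

class Party:
    def __init__(self, ident: str):
        self.ident = ident                        # unique device or platform identifier
        self.pubkey = secrets.token_bytes(32)     # assumption: random stand-in for the real public key

def open_channel(initiator: Party, responder: Party, trust_store: dict) -> tuple:
    # Mutual authentication: each side is checked against the stored identifier -> key-hash record.
    for peer in (initiator, responder):
        expected = trust_store.get(peer.ident)
        if expected is None or not hmac.compare_digest(expected, key_fingerprint(peer.pubkey)):
            raise PermissionError(f"mutual authentication failed for {peer.ident}")
    return (initiator, responder)                 # the channel exists only after both checks pass

class ITDevice(Party):
    def __init__(self, ident: str, ui_html: str):
        super().__init__(ident)
        self.ui_html = ui_html                    # page served by the device's local web server

    def serve_ui(self, first_channel: tuple, trust_store: dict) -> str:
        # The request came over the persistent first channel; open a second channel on demand for the UI.
        if first_channel[0] is not self:
            raise PermissionError("request did not arrive over this device's first channel")
        open_channel(self, first_channel[1], trust_store)
        return self.ui_html

class CloudPlatform(Party):
    def __init__(self, ident: str, trust_store: dict, cloud_timeout=1800.0, device_timeout=300.0):
        super().__init__(ident)
        self.trust_store, self.cloud_timeout, self.device_timeout = trust_store, cloud_timeout, device_timeout
        self.first_channels = {}                  # device identifier -> persistent first channel
        self.cloud_sessions, self.device_sessions = {}, {}   # token -> expiry, tracked independently

    def register_device(self, device: ITDevice) -> None:
        # First secure channel: initiated by the device at enrolment and kept open.
        self.first_channels[device.ident] = open_channel(device, self, self.trust_store)

    def login(self, now: float) -> str:
        token = secrets.token_hex(16)             # cloud session after user authentication
        self.cloud_sessions[token] = now + self.cloud_timeout
        return token

    def request_device_ui(self, cloud_token: str, device: ITDevice, now: float) -> tuple:
        if now >= self.cloud_sessions.get(cloud_token, 0.0):
            raise PermissionError("no valid cloud session")
        ui = device.serve_ui(self.first_channels[device.ident], self.trust_store)
        dev_token = secrets.token_hex(16)         # separate device session with its own timeout
        self.device_sessions[dev_token] = now + self.device_timeout
        return ui, dev_token

    def sessions_valid(self, cloud_token: str, dev_token: str, now: float) -> tuple:
        return now < self.cloud_sessions[cloud_token], now < self.device_sessions[dev_token]

def demo() -> tuple:
    trust = {}
    cloud = CloudPlatform("cloud-platform", trust)
    device = ITDevice("fw-0001", "<html>device UI (constructed)</html>")
    trust.update({cloud.ident: key_fingerprint(cloud.pubkey), device.ident: key_fingerprint(device.pubkey)})
    cloud.register_device(device)
    tok = cloud.login(now=0.0)
    ui, dev_tok = cloud.request_device_ui(tok, device, now=10.0)
    # At t=410 s the 300 s device session has expired while the 1800 s cloud session is still live.
    return ui, cloud.sessions_valid(tok, dev_tok, now=410.0)

def unenrolled_device_rejected() -> bool:
    trust = {"fw-0001": key_fingerprint(secrets.token_bytes(32))}   # enrolled key is a different one
    cloud = CloudPlatform("cloud-platform", trust)
    trust[cloud.ident] = key_fingerprint(cloud.pubkey)
    try:
        cloud.register_device(ITDevice("fw-0001", "<html>not the enrolled device</html>"))
    except PermissionError:
        return True
    return False
```

A device presenting the right identifier but a key whose hash is not on record never gets a first channel, so it can never be asked for, or forward, a user interface.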

Pertinent Art
7.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Smullen et al. (US Pub. No. US 2018/0212904 A1) provide secure mobile communications platforms that provide primary communication channels. Users connect to primary communication channels and, in so doing, engage in secure bidirectional communication with enterprise data sources associated with such channels, thereby enabling the enterprise data sources to respond directly or broadcast messages to users.

Campagna (US Pub. No. US 2018/0181756 A1) provides that the configuration signature is a hash, checksum, or cyclic redundancy code ("CRC") generated using measures of the hardware and software configuration of the virtual computer system instance. In some examples, the virtual computer system instance generates the configuration signature based on the image running on the virtual computer system instance. In another example, the virtual computer system generates the signature based on cryptographic hashes of one or more software components running within the virtual computer system instance.

Conclusion

8.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932. The examiner can normally be reached Mon.-Fri. 9:00 AM - 5:30 PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

A.G.
August 12, 2022
/ABIY GETACHEW/Primary Examiner, Art Unit 2434