DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment

The amendments filed 06/30/2022 have been entered.
Per the 06/30/2022 amendment:
Claims 1-8 and 10-20 are currently amended.
Claims 1-20 are now pending.

Response to Arguments

Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection relies on a newly entered reference not applied in the prior rejection in response to new subject matter, namely decryption at an IoT device.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 1, 3-11, 13-15 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Stahl (US 20190158453 A1), hereafter S1, in view of Fang (US 20190289006 A1), hereafter F1.
Regarding Claim 1, S1 discloses the below limitation:	receiving, by a data transmission device, a data packet sent by an external network device (S1 Fig 4 S202 [local gateway] receives data packets);	verifying, by the data transmission device, an authentication header (AH) packet header of the data packet by using a first security association (SA) (Fig 4 S204 [local gateway] obtains verification of identity; Fig 5 S204a obtain a verification key of the wireless device (i.e. an SA) and 204b Validate AH); 	sending, by the data transmission device, the data packet to an internet of things (IoT) device in response to the verification being successful (Fig 4 S206 [local gateway] transmits data packets);
S1 does not disclose the below limitation:	separately sending, by the data transmission device, a second SA to the IoT device, wherein the second SA is used by the IoT device for decrypting the data packet.
In the same field of endeavor of packet protection and forwarding, F1 does disclose the below limitation:	separately sending, by the data transmission device, a second SA to the IoT device, wherein the second SA is used by the IoT device for decrypting the data packet (F1 Par 48 IoT decrypts data from a server device using the device private key (i.e. a SA)).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teaching of S1 to include decrypting a packet at an IoT device with a key as taught by F1.  The suggestion/motivation to do so would have been to offload the decryption of the packet from the network to the edge, as well as decoupling the keys used for authentication and encryption/decryption for increased security. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 3, S1 and F1 disclose the limitations of Claim 1.
S1 does not disclose the below limitation:	wherein the second SA is used by the IoT device to parse the data packet.
In the same field of endeavor of packet protection and forwarding, F1 does disclose the below limitation:	wherein the second SA is used by the IoT device to parse the data packet (F1 Par 48 IoT decrypts data from a server device using the device private key (i.e. a SA)).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission method to include using a key to decrypt a packet at an IoT in order to parse the packet as taught by F1.  The suggestion/motivation to do so would have been to offload the work of parsing the packet from the network to the edge. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 4, S1 and F1 disclose the limitations of Claim 3.
S1 further discloses the below limitation:	wherein the second SA is encrypted, by the data transmission device, using a local key of the IoT device (S1 Par 70 wherein private key (e.g. local key) is used to encrypt the packet).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission method to include encrypting a packet using a private key as taught by S1.  The suggestion/motivation to do so would have been to increase security and prevent man-in-the-middle attacks targeting the second SA. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 5, S1 and F1 disclose the limitations of Claim 1.
S1 further discloses the below limitation:	receiving, by the data transmission device, the first SA and the second SA sent by the IoT device, wherein the first SA and the second SA are determined by the IoT device through negotiation with the external network device (S1 Fig 3 step 104a obtain a verification key of the wireless device); and	storing, by the data transmission device, the first SA and the second SA (Par 69 discloses a database of device keys; see also Fig 4 S208).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission method to include receiving a set of keys for authentication and encryption/decryption and then storing those keys in a database as taught by S1.  The suggestion/motivation to do so would have been to facilitate future communication between the IoT device and the transmission device without needing to exchange keys and re-authenticate. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 6, S1 discloses the below limitation:	receiving, by a data transmission device, a data packet sent by an internet of things (IoT) device (S1 Fig 4 S202 [local gateway] receives data packets);	encapsulating, by the data transmission device, an authentication header (AH) packet header of the data packet by using a first security association (SA) (Par 70 a wireless device can include an AH to integrity protect a data packet);	sending, by the data transmission device, an encapsulated data packet to an external network device (Fig 4 S206 [local gateway] transmits data packets); and
S1 does not disclose the below limitation:	separately sending, by the data transmission device, a second SA to the IoT device, wherein the second SA is used by the IoT device for decrypting the data packet.
In the same field of endeavor of packet protection and forwarding, F1 does disclose the below limitation:	separately sending, by the data transmission device, a second SA to the IoT device, wherein the second SA is used by the IoT device for decrypting the data packet (F1 Par 48 IoT decrypts data from a server device using the device private key (i.e. a SA)).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teaching of S1 to include decrypting the packet at the IoT device using a private key (i.e. second SA) as taught by F1.  The suggestion/motivation to do so would have been to offload the decryption of the packet from the network to the edge, as well as decoupling the keys used for authentication and encryption/decryption for increased security. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 7, S1 and F1 disclose the limitations of Claim 6.
S1 further discloses the below limitation:	wherein the data packet is sent by the IoT device after being encapsulated by using the second SA (S1 Par 70 data packets can be integrity protected by symmetric key or private key of the wireless device).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission method to include sending the packet by the IoT after integrity protecting it using a private key (i.e. second SA) as taught by S1.  The suggestion/motivation to do so would have been to increase security of packet transmission between the IoT device and the transmission device or some other receiving device in the network. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 8, S1 and F1 disclose the limitations of Claim 6.
S1 does not disclose the below limitation:	receiving, by the data transmission device, a second SA obtaining request sent by the IoT device.
In the same field of endeavor of packet protection and forwarding, F1 does disclose the below limitation:	receiving, by the data transmission device, a second SA obtaining request sent by the IoT device (F1 Par 11 IoT device requests a verification apparatus authenticate it and assign a device key (i.e. SA), including a private key and public key).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission method to include an IoT device requesting a key for authentication and/or encryption/decryption from a network node as taught by F1.  The suggestion/motivation to do so would have been to provide increased security for communication with the IoT device by facilitating key pairs used for authentication and/or encryption/decryption. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 9, S1 and F1 disclose the limitations of Claim 7.
S1 further discloses the below limitation:	wherein the second SA is encrypted by using a local key of the IoT device (S1 Par 70 wherein private key (e.g. local key) is used to encrypt the packet).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission method to include encrypting a packet using a private key as taught by S1.  The suggestion/motivation to do so would have been to increase security and prevent man-in-the-middle attacks targeting the second SA. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 10, S1 and F1 disclose the limitations of Claim 6.
S1 further discloses the below limitation:	receiving, by the data transmission device, the first SA and the second SA sent by the IoT device, wherein the first SA and the second SA are determined by the IoT device through negotiation with an external network device (S1 Fig 3 step 104a obtain a verification key of the wireless device); and	storing, by the data transmission device, the first SA and the second SA (Par 69 discloses a database of device keys; see also Fig 4 S208).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission method to include receiving a set of keys for authentication and encryption/decryption and then storing those keys in a database as taught by S1.  The suggestion/motivation to do so would have been to facilitate future communication between the IoT device and the transmission device without needing to exchange keys and re-authenticate. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 11, S1 discloses the below limitation:	a receiver configured to cooperate with a processor (S1 Fig 15 Comm. Interface 420 and Processing circuitry 410) to	receive a data packet sent by an external network device (Fig 4 S202 [local gateway] receives data packets);	the processor configured to verify an authentication header (AH) packet header of the data packet by using a first security association (SA) (Fig 4 S204 [local gateway] obtains verification of identity; Fig 5 S204a obtain a verification key of the wireless device (i.e. an SA) and 204b Validate AH);	a transmitter configured to cooperate with the processor to send the data packet to an internet of things (IoT) device in response to the verification being successful (Fig 4 S206 [local gateway] transmits data packets); and
S1 does not disclose the below limitation:	separately send a second SA to the IoT device, wherein the second SA is used by the IoT device for decrypting the data packet.
In the same field of endeavor of packet protection and forwarding, F1 does disclose the below limitation:	separately send a second SA to the IoT device, wherein the second SA is used by the IoT device for decrypting the data packet (F1 Par 48 IoT decrypts data from a server device using the device private key (i.e. a SA)).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teaching of S1 to include decrypting a packet at an IoT device with a key as taught by F1.  The suggestion/motivation to do so would have been to offload the decryption of the packet from the network to the edge, as well as decoupling the keys used for authentication and encryption/decryption for increased security. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 13, S1 and F1 disclose the limitations of Claim 11.
S1 does not disclose the below limitation:	wherein a second SA is configured for use by the IoT device to parse the data packet.
In the same field of endeavor of packet protection and forwarding, F1 does disclose the below limitation:	wherein a second SA is configured for use by the IoT device to parse the data packet (F1 Par 48 IoT decrypts data from a server device using the device private key (i.e. a SA)).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission device to include using a key to decrypt a packet at an IoT in order to parse the packet as taught by F1.  The suggestion/motivation to do so would have been to offload the work of parsing the packet from the network to the edge. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 14, S1 and F1 disclose the limitations of Claim 13.
S1 further discloses the below limitation:	wherein the second SA is encrypted by using a local key of the IoT device (S1 Par 70 wherein private key (e.g. local key) is used to encrypt the packet).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission device to include encrypting a packet using a private key as taught by S1.  The suggestion/motivation to do so would have been to increase security and prevent man-in-the-middle attacks targeting the second SA. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 15, S1 and F1 disclose the limitations of Claim 11.
S1 further discloses the below limitation:	wherein the device further comprises a memory coupled to the processor (S1 Fig 15 Storage medium 430);	the receiver is further configured to cooperate with the processor to receive the first SA and the second SA sent by the IoT device (Fig 3 step 104a obtain a verification key of the wireless device); and	the memory is configured to store the first SA and the second SA (Par 69 discloses a database of device keys; see also Fig 4 S208).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission device to include receiving a set of keys for authentication and encryption/decryption and then storing those keys in a database as taught by S1.  The suggestion/motivation to do so would have been to facilitate future communication between the IoT device and the transmission device without needing to exchange keys and re-authenticate. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 17, S1 discloses the below limitation:	a receiver configured to cooperate with a processor (S1 Fig 15 Comm. Interface 420 and Processing circuitry 410) to	receive a data packet sent by an internet of things (IoT) device (Fig 4 S202 [local gateway] receives data packets);	the processor configured to encapsulate an authentication header (AH) packet header of the data packet by using a first security association (SA) (Par 70 a wireless device can include an AH to integrity protect a data packet); and	a transmitter (Fig 15 Comm. Interface 420) configured to:	send an encapsulated data packet to an external network device (Fig 4 S206 [local gateway] transmits data packets); and
S1 does not disclose the below limitation:	separately send, by the data transmission device, a second SA to the IoT device, wherein the second SA is used by the IoT device for decrypting the data packet.
In the same field of endeavor of packet protection and forwarding, F1 does disclose the below limitation:	separately send, by the data transmission device, a second SA to the IoT device, wherein the second SA is used by the IoT device for decrypting the data packet (F1 Par 48 IoT decrypts data from a server device using the device private key (i.e. a SA)).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teaching of S1 to include decrypting the packet at the IoT device using a private key (i.e. second SA) as taught by F1.  The suggestion/motivation to do so would have been to offload the decryption of the packet from the network to the edge, as well as decoupling the keys used for authentication and encryption/decryption for increased security. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 18, S1 and F1 disclose the limitations of Claim 17.
S1 further discloses the below limitation:	wherein the data packet is sent by the IoT device after being encapsulated by using a second SA (S1 Par 70 data packets can be integrity protected by symmetric key or private key of the wireless device).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission device to include sending the packet by the IoT after integrity protecting it using a private key (i.e. second SA) as taught by S1.  The suggestion/motivation to do so would have been to increase security of packet transmission between the IoT device and the transmission device or some other receiving device in the network. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 19, S1 and F1 disclose the limitations of Claim 17.
S1 does not disclose the below limitation:	wherein the receiver is further configured to receive a second SA obtaining request sent by the IoT device.
In the same field of endeavor of packet protection and forwarding, F1 does disclose the below limitation:	wherein the receiver is further configured to receive a second SA obtaining request sent by the IoT device (F1 Par 11 IoT device requests a verification apparatus authenticate it and assign a device key (i.e. SA), including a private key and public key).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission device to include an IoT device requesting a key for authentication and/or encryption/decryption from a network node as taught by F1.  The suggestion/motivation to do so would have been to provide increased security for communication with the IoT device by facilitating key pairs used for authentication and/or encryption/decryption. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.
Regarding Claim 20, S1 and F1 disclose the limitations of Claim 18.
S1 further discloses the below limitation:	wherein the second SA is encrypted by using a local key of the IoT device (S1 Par 70 wherein private key (e.g. local key) is used to encrypt the packet).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission device to include encrypting a packet using a private key as taught by S1.  The suggestion/motivation to do so would have been to increase security and prevent man-in-the-middle attacks targeting the second SA. Therefore, it would have been obvious to combine S1 and F1 to obtain the invention, as specified in the instant claim.

Claim(s) 2 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over S1 in view of F1 and further in view of Uddin (US 20200053190 A1), hereafter U1.
Regarding Claim 2, S1 and F1 disclose the limitations of Claim 1.
S1 and F1 do not disclose the below limitation:	removing, by the data transmission device, the AH packet header of the data packet; and	sending to the IoT device, by the data transmission device, the data packet from which the AH packet header is removed.
In the same field of endeavor of packet protection and forwarding, U1 does disclose the below limitation:	removing, by the data transmission device, the AH packet header of the data packet (U1 Fig 5 step 511 remove security information from NWK header); and	sending to the IoT device, by the data transmission device, the data packet from which the AH packet header is removed (Fig 5 step 524 forward packet).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission method to include removing the AH packet header prior to forwarding the packet to the IoT device as taught by U1. The suggestion/motivation to do so would have been to remove unnecessary header information in order to reduce congestion in the network. Once the packet has been authenticated by the data transmission device, the AH is no longer needed to facilitate authentication. Therefore, it would have been obvious to combine S1, F1 and U1 to obtain the invention, as specified in the instant claim.
Regarding Claim 12, S1 and F1 disclose the limitations of Claim 11.
S1 and F1 do not disclose the below limitation:	wherein the processor is further configured to remove the AH packet header of the data packet; and	the transmitter is further configured to cooperate with the processor to send, to the IoT device, the data packet from which the AH packet header is removed.
In the same field of endeavor of packet protection and forwarding, U1 does disclose the below limitation:	wherein the processor is further configured to remove the AH packet header of the data packet (U1 Fig 5 step 511 remove security information from NWK header); and	the transmitter is further configured to cooperate with the processor to send, to the IoT device, the data packet from which the AH packet header is removed (Fig 5 step 524 forward packet).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission method to include removing the AH packet header prior to forwarding the packet to the IoT device as taught by U1. The suggestion/motivation to do so would have been to remove unnecessary header information in order to reduce congestion in the network. Once the packet has been authenticated by the data transmission device, the AH is no longer needed to facilitate authentication. Therefore, it would have been obvious to combine S1, F1 and U1 to obtain the invention, as specified in the instant claim.

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over S1 in view of F1 and further in view of Rommer (US 20190364420 A1), hereafter R1.
Regarding Claim 16, S1 and F1 disclose the limitations of Claim 11.
S1 and F1 do not disclose the below limitation:	wherein the data transmission device is a gateway device between the external network and the IoT network, or the data transmission device is an agent node in the IoT network, and	the agent node is configured to exchange data between the gateway device and the IoT device.
In the same field of endeavor of packet protection and forwarding, R1 does disclose the below limitation:	wherein the data transmission device is a gateway device between the external network and the IoT network, or the data transmission device is an agent node in the IoT network (R1 Fig 3b wherein gateway ngPDG/N3IWF 103 is situated between the network and an IoT device), and	the agent node is configured to exchange data between the gateway device and the IoT device (Fig 3b wherein gateway ngPDG/N3IWF 103 is used to facilitate communication between an IoT device 120 and the network via UP 105).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the aforementioned data transmission device to include an intermediate node between the IoT device and the server that acts as an agent as taught by R1.  The suggestion/motivation to do so would have been to offload the authentication step from the network to an intermediate agent closer to the edge for increased efficiency. Therefore, it would have been obvious to combine S1, F1 and R1 to obtain the invention, as specified in the instant claim.


Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAWN D MILLER whose telephone number is (571)272-8599. The examiner can normally be reached M-TR 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles C Jiang can be reached on (571) 270-7191. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAWN D MILLER/Examiner, Art Unit 2412

/JAMAL JAVAID/Primary Examiner, Art Unit 2412