DETAILED ACTION

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12 July 2022 has been entered.
By the above submission, Claims 1, 3, 9, 11, 13, 19 and 20 have been amended.  No claims have been added or canceled.  Claims 1-20 are currently pending in the present application.

Response to Arguments

Applicant's arguments filed 12 July 2022 have been fully considered but they are not persuasive.
Regarding the rejection of Claims 1-20 under 35 U.S.C. 112(b) as indefinite, and with particular reference to Claims 2 and 12, Applicant states that the device shared registration key and the shared registration key are distinct keys generated respectively at the device and the server (page 33 of the present response, citing paragraphs 0030-0033 of the present specification).  However, these paragraphs do not describe a “device shared registration key” separate from the shared registration key; rather, these paragraphs only use the term “shared registration key”.  Paragraph 0031 further states that “the shared secret is the shared registration key”, suggesting that the device and server have the same shared registration key.  If Applicant intends for the shared registration key generated at the server to be distinct from the shared registration key generated at the device, then it is recommended to more clearly distinguish these keys in the claims, for example by using terms such as “device shared registration key” and “server shared registration key” or similar.
With reference to Claims 12, 13, and 17 (noting that there are also related issues raised in Claim 11), Applicant merely states that the phrase “the device” is intended to refer to “a device” recited at Claim 11, line 4 (see page 33 of the present response).  However, the claim language remains ambiguous because of the recitations of more than one device.  It is recommended that the device of Claim 11, line 4, be more specifically described in the claims.  For example, this device could be referred to as a “first device” or a “requesting device” or other distinguishing name, such that subsequent references to “the device” would then more explicitly refer to “the first device” or similar and be clearly distinct from “the memory device”.
Regarding the rejection of Claims 1-20 under 35 U.S.C. 103 as unpatentable over Heller et al, US Patent 9419852, in view of Vachon, US Patent Application Publication 2020/0302043, and with particular reference to independent Claim 1, Applicant argues that, while Vachon discloses that a token is valid for a predetermined amount of time, Vachon does not disclose a comparison of a receipt time of the token to a timestamp associated with generation of the token (pages 34-35 of the present response, citing Vachon, paragraph 0040).  However, it is noted that Claim 1, as amended, does not make clear how this comparison between the receipt time and time generation timestamp is related to the determination that the receipt time is within an allowed time frame.  Vachon clearly discloses determining that the receipt time is within an allowed time frame (paragraph 0040, where the token is valid for a particular duration, i.e. an allowed time frame).  Further, the amount of time is clearly determined from the creation of the token.  Therefore, Vachon teaches or suggests both comparing the receipt time and generation timestamp, and determining whether the receipt time is within an allowed time frame, as claimed.
Applicant further alleges that while Heller teaches a server, Heller does not teach that the server corresponds to or authenticates access to a secure service (page 35 of the present response, no evidence cited).  However, Heller explicitly describes a server operated by a service provider on behalf of content providers and the identification performed by the server is offered as a service (see Heller, column 4, line 57-column 5, line 2; see also column 6, lines 7-64, where the server provides a proxy service of device characterization and authentication).  Therefore, the server provides access to a service.  Applicant also alleges that Heller does not teach that the secure service requires validation the device is trusted to access the secure service (page 35 of the present response, no evidence cited).  First, it is noted that this limitation is not recited in Claim 20.  Further, Applicant provides no evidence or explanation in support of this allegation.  It is additionally submitted that validation that the device is trusted to access the service is merely the definition of authenticating the device for access to the service.  Applicant also alleges that the tokenizing process of Heller is distinguishable from the claimed device registration token and one-time activation token (page 35 of the present response, no evidence cited), but again, Applicant provides no evidence or explanation in support of this assertion.  These arguments that lack evidence and explanation fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
Therefore, for the reasons detailed above, the Examiner maintains the rejections as set forth below.

Drawings

The objection to the drawings for informalities is withdrawn in light of the amended drawings filed.

Specification

The objections to the abstract and the disclosure for informalities are withdrawn in light of the amendments to the abstract and specification.  Applicant’s cooperation is again requested in correcting any other errors of which applicant may become aware in the specification.
The objection to the specification for failure to provide proper antecedent basis for the claimed subject matter is NOT withdrawn, because the amendments to the claims have raised new issues, as detailed below.
The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter.  See 37 CFR 1.75(d)(1) and MPEP § 608.01(o).  Correction of the following is required:  Independent Claims 1 and 11 have been amended to recite “identifying a network as the unsecure network”.  There appears to be no mention of such an identification in the specification, and therefore, there is not clearly proper antecedent basis for the claimed subject matter.  For further detail, see below with respect to the rejection under 35 U.S.C. 112(a) for failure to comply with the written description requirement.

Claim Objections

Claims 13 and 20 are objected to because of the following informalities:  
In Claim 13, line 2, “a” should be replaced with “an” before “elliptic curve Diffie-Hellman algorithm”.
In Claim 20, line 20, “an” should be deleted before “unsuccessfully authenticating”, or alternately the phrase should read “an unsuccessful authentication”.
Appropriate correction is required.

Claim Rejections - 35 USC § 101

The rejection of Claims 1-20 under 35 U.S.C. 101 as directed to abstract ideas without significantly more is withdrawn in light of the amendments to the claims.  In particular, the steps of granting or denying access are considered to integrate the recited abstract ideas into a practical application as per Step 2A, Prong Two.  (The claims are still considered to recite several abstract ideas, including mathematical concepts of generating a key and calculating a function of a key, and mental processes of the verification comparison and time comparison, contrary to Applicant’s arguments at pages 23-33 of the present response.)

Claim Rejections - 35 USC § 112

The rejections of Claims 1-20 under 35 U.S.C. 112(a) for failure to comply with the written description requirement and under 35 U.S.C. 112(b) as indefinite are NOT withdrawn, because not all issues have been addressed and/or because the amendments have raised new issues, as detailed below.
The following is a quotation of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-19 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Independent Claims 1 and 11 have been amended to recite “identifying a network as the unsecure network”.  Although Applicant points to paragraphs 0015-0018, 0029, 0033, 0034, and 0036-0038 of the specification for support of the amended claims (see pages 23 and 36 of the present response), there appears to be no mention of identifying any network, unsecure or otherwise, in these paragraphs or elsewhere in the specification.  Although the specification describes identifying credentials in paragraph 0015 and identifying tokens in paragraph 0016, there appears to be no mention of identifying an unsecure network.  Therefore, there is not clear written description of the claimed subject matter in the specification.
Claims not specifically referred to above are rejected due to their dependence on a rejected base claim.

The following is a quotation of 35 U.S.C. 112(b):

(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites “the secure service requires validation the device is trusted to access the secure service” in lines 4-5.  This is grammatically unclear and appears to be missing language such as “that” or “whether” after the word “validation”.  The claim further recites “comparing a receipt time, at the server, of the one-time activation to a timestamp associated with generation of the device registration token and determining that the receipt time is within an allowed time frame” in lines 15-18.  It is not clear how determining that the receipt time is within an allowed time frame is related to the comparison of the receipt time and the timestamp; for example, it is not clear how the allowed time frame may be related to the timestamp, or what other calculations or comparisons might be required to make the determination that the receipt time is within the allowed time frame.  The claim additionally recites “successfully authenticating” in line 19 and “unsuccessfully authenticating” in line 20.  The terms “successfully” and “unsuccessfully” are relative or subjective terms that have not been clearly defined in the claims or specification.  That is, it is not clear what is required for the authentication to be successful.  The above ambiguities render the claim indefinite.
Claim 2 recites “a device shared registration key” in line 2.  It is not clear whether this is the same key as the “shared registration key” of Claim 1 or if it is a distinct key.
Claim 11 recites “the device” in lines 7, 8, 11, 16, 17, 11, and 23.  It is not clear whether this is intended to refer to the memory device of line 3 or “a device” of line 4.  The claim further recites “the secure service requires validation the device is trusted to access the secure service” in lines 6-7.  This is grammatically unclear and appears to be missing language such as “that” or “whether” after the word “validation”.  The claim additionally recites “comparing a receipt time, at the server, of the one-time activation to a timestamp associated with generation of the device registration token and determining that the receipt time is within an allowed time frame” in lines 18-21.  It is not clear how determining that the receipt time is within an allowed time frame is related to the comparison of the receipt time and the timestamp; for example, it is not clear how the allowed time frame may be related to the timestamp, or what other calculations or comparisons might be required to make the determination that the receipt time is within the allowed time frame.  The claim also recites “successfully authenticating” in line 22 and “unsuccessfully authenticating” in line 23.  The terms “successfully” and “unsuccessfully” are relative or subjective terms that have not been clearly defined in the claims or specification.  That is, it is not clear what is required for the authentication to be successful.  The above ambiguities render the claim indefinite.
Claim 12 recites “the device” in lines 2 and 3.  It is not clear whether this is intended to refer to the memory device or the device of Claim 11, line 4.  Claim 12 further recites “a device shared registration key” in lines 2-3.  It is not clear whether this is the same key as the “shared registration key” in Claim 11 or if it is a distinct key.
Claim 13 recites “the device” in line 3.  It is not clear whether this is intended to refer to the memory device or the device of Claim 11, line 4.  
Claim 17 recites “the device” in line 2.  It is not clear whether this is intended to refer to the memory device or the device of Claim 11, line 4.
Claim 20 recites “the device” in lines 6, 8, 13, 14, 19, and 20.  It is not clear whether this is intended to refer to the storage device of line 2 or “a device” of line 4.  The claim further recites “comparing a receipt time, at the server, of the one-time activation to a timestamp associated with generation of the device registration token and determining that the receipt time is within an allowed time frame” in lines 15-18.  It is not clear how determining that the receipt time is within an allowed time frame is related to the comparison of the receipt time and the timestamp; for example, it is not clear how the allowed time frame may be related to the timestamp, or what other calculations or comparisons might be required to make the determination that the receipt time is within the allowed time frame.  The claim additionally recites “successfully authenticating” in line 19 and “unsuccessfully authenticating” in line 20.  The terms “successfully” and “unsuccessfully” are relative or subjective terms that have not been clearly defined in the claims or specification.  That is, it is not clear what is required for the authentication to be successful.  The above ambiguities render the claim indefinite.
Claims not specifically referred to above are rejected due to their dependence on a rejected base claim.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Heller et al, US Patent 9419852, in view of Vachon, US Patent Application Publication 2020/0302043.
In reference to Claim 1, Heller discloses a method that includes receiving at a server a request for device authentication that includes a unique device registration token, where the request is for access to a secure service corresponding to the server and the service requires validation that the device is trusted to access the service (see column 6, lines 7-32, request; column 8, lines 65-67, tokens provided); generating a shared registration key using the device registration token (column 11, lines 1-15); verifying the device registration token by comparing the token to a function of the shared key (column 11, line 1-column 12, line 26; see also column 4, lines 18-56); responsive to verifying, producing and sending an activation token to the device and authenticating the device for access, and granting access responsive to a successful authentication and denying access responsive to an unsuccessful authentication (again, see column 11, line 1-column 12, line 26; see also column 4, lines 18-56).  However, Heller does not explicitly disclose that the activation token is one-time or comparing a receipt time to a timestamp.
Vachon discloses a method that includes authentication using a token (paragraph 0028, for example); producing and sending a one-time activation token to a device (paragraphs 0039-0047); and authenticating the device for access by comparing a receipt time to a timestamp and determining whether the receipt time is within an allowed time frame (see paragraph 0040), as well as generating a key using a token and private key (see paragraphs 0102-0105).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the method of Heller to include the one-time token and time comparison of Vachon, in order to facilitate offline authentication (see Vachon, paragraph 0012).
In reference to Claim 2, Heller and Vachon further disclose generating the registration token at the device based on a key generated at the device (see Heller, column 11, lines 1-15).
In reference to Claims 3 and 4, Heller and Vachon further disclose using elliptic curve Diffie-Hellman to generate the keys (see Vachon, paragraphs 0102-0105, for example).
In reference to Claims 5 and 6, Heller and Vachon further disclose a function based on a device identifier and nonce (see Vachon, paragraphs 0044-0047).
In reference to Claims 7 and 8, Heller and Vachon further disclose a sequence number or counter (see Vachon, paragraphs 0092-0093, use of counters).
In reference to Claim 9, Heller and Vachon further disclose a timestamp for verification (see Vachon, paragraphs 0094-0099).
In reference to Claim 10, Heller and Vachon further disclose a database of public keys (see Vachon, paragraph 0080).

Claims 11-19 are directed to devices having functionality corresponding substantially to the methods of Claims 1-9, and are rejected by a similar rationale, mutatis mutandis.
Claim 20 is directed to a software implementation of the method of Claim 1, and is rejected by a similar rationale.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870. The examiner can normally be reached Monday-Friday, 9:30am-6:00pm, Eastern Time.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Zachary A. Davis/ Primary Examiner, Art Unit 2492