Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This action is in response to the claims filed 4/16/2021.  Claims 1 (a machine), 8 (a non-transitory CRM), and 15 (a method) are independent.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-3, 5-17, 19 and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,999,064. Although the claims at issue are not identical, they are not patentably distinct from each other because the patented claims of ‘064 anticipate the pending claims.
Pending claim 1
Claims 1, 8, and 15 of 10,999,064
receive, from a network device, information that identifies a user device, based on the user device being authenticated by the network device;
receive, from a network device, information that identifies a user device and comprises four-tuple information for the user device,… the network device to provide, to the device, the information that identifies the user device based on authenticating the user device;
receive, from the user device, a session identifier and a request for a first token, where the session identifier is generated by a server device and provided to the user device;
receive, from the user device, a request for a first token, a server device to generate a session identifier,…  the request for the first token including the encrypted information that includes the session identifier
generate the first token based on the session identifier and the information that identifies the user device;
generate the first token based on decrypting the encrypted information that includes the session identifier and the four-tuple information;
and provide, to the user device, information that identifies the first token, the user device to provide, to the server device, the information that identifies the first token
provide, to the user device, information that identifies the first token and the session identifier,
the user device to provide, to the server device, a registration request that includes information that identifies the first token
the server device to compare the first token and a second token generated by the server device based on information associated with the user device and the session identifier
the server device to compare the first token and the second token, 

generate the first token based on decrypting the encrypted information that includes the session identifier and the four-tuple information;
and the server device, based on comparing the first token and the second token, to enable the user device to receive content associated with the server device.
the device identifier to enable the user device to receive content associated with the server device.


Claims 8 and 15 have similar scope to claim 1.
Presently presented dependent claims are analogous to the corresponding claims of ‘064.
	Presently presented claims 2, 12, 13 corresponds to claim 1.
	Presently presented claims 3 corresponds to claim 2.  Claim 9 corresponds to claims 1 and 2.
	Presently presented claims 5, 14, corresponds to claim 5.
	Presently presented claims 6 corresponds to claim 7.
	Presently presented claims 7, and 19 corresponds to claim 7.
	Presently presented claims 10, 11 corresponds to claim 3.
	Presently presented claims 16 and 17 corresponds to claim 10.
	Presently presented claim 20 corresponds to claim 6.

Claims 1,3, 5, 8-11, and 14-17, are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,341,864. Although the claims at issue are not identical, they are not patentably distinct from each other because the patented claims of ‘064 anticipate the pending claims.
Pending claim 1
Claims 1, 8, and 15 of 10,341,864
receive, from a network device, information that identifies a user device, based on the user device being authenticated by the network device;
receive, from a network device, information that identifies a user device,
…
the network device to authenticate the user device based on the user device accessing the radio access network,
receive, from the user device, a session identifier and a request for a first token, where the session identifier is generated by a server device and provided to the user device;
receive, from the user device, a request for a first token,
…
the server device to provide, to the user device, information that identifies the encrypted session identifier, and
the request including the information that identifies the encrypted session identifier;
generate the first token based on the session identifier and the information that identifies the user device;
generate the first token based on the information that identifies the user device and the session identifier;
and provide, to the user device, information that identifies the first token, the user device to provide, to the server device, the information that identifies the first token
provide, to the user device, information that identifies the encrypted first token,
the user device to provide, to the server device, a registration request that includes information that identifies the encrypted first token,
the server device to compare the first token and a second token generated by the server device based on information associated with the user device and the session identifier
the server device to generate a second token based on other information associated with the user device and the session identifier,
the server device to compare the first token and the second token,
and the server device, based on comparing the first token and the second token, to enable the user device to receive content associated with the server device.
the server device to provide, to the user device, a device identifier based on comparing the first token and the second token, and
the device identifier to enable the user device to receive content associated with the server device.


Claims 8 and 15 have similar scope to claim 1.
Presently presented dependent claims are analogous to the corresponding claims of ‘864.
	Presently presented claims 3 corresponds to claim 3.  Claim 9 corresponds to claims 1 and 3.
	Presently presented claims 5, 11, 14, corresponds to claim 4.
	Presently presented claims 16 and 17 corresponds to claim 4.

Note regarding Yin et al., US 2017/0063838 (published on March 2, 2017).  Per MPEP 2153.01(a) the Yin reference is applied as art because Yin has additional inventors not named in the present application.  Thus, the Yin reference is considered “by others” under 35 U.S.C. § 102(a)(1).  However, Per MPEP 2153.01(a), Applicant may exempt the Yin reference from the prior art by filing an affidavit or declaration under 37 CFR 1.130 to establish that the Yin reference is the inventors (Yin’s) own work.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Yin et al., US 2017/0063838 (published March 2, 2017).
As to claims 1, 8, and 15, Yin discloses a machine/CRM/method comprising:
one or more processors configured to: (see Yin Figure 3, and ¶ 35)
receive, from a network device, (See Yin Figure 2. a mobile device communicating with network entities through an LTE network.  “LTE core network 200 further includes a mobility management server 240, a serving gateway 245, a packet gateway 250, and enforcement server(s) 110.” Yin ¶ 31, the plurality of devices forming the LTE network) information that identifies a user device, (“FIG. 12 depicts enforcement server(s) 110 sending a session record 1240, including the MDN, srcIP, srcPort, dstIP, dstPort, and app-ID, to authentication server(s) 115.” Yin ¶ 67. Also Yin ¶ 62 discussing establishing the IP session) based on the user device being authenticated by the network device; (“The authentication service extends Universal Integrated Circuit Card (UICC) or Subscriber Identity Module (SIM) based mobile subscriber authentication and authorization based on the establishment of an IP connection session via a packet gateway of the cellular network.” Yin ¶ 17. Also Yin ¶ 62: “Mobile device 105 first performs a “device network attach” in accordance with the PLMN network protocols (e.g., 4G LTE)” the attachment is an authentication.)
receive, from the user device, a session identifier and a request for a first token, (“sends a request for an authentication token, including app-ID and [SID]visp-pubkey, to authentication server(s)… third party mobile app 155 sends the request message 1410 to enforcement server(s) 110 which, in turn, forwards the message to authentication server(s) 125.” Yin ¶ 71. See Figs. 13-14. SID is session identifier)
where the session identifier is generated by a server device and provided to the user device; (“Third party app server(s) 125 sends a "not authorized" error code to mobile device 105, including the app-ID and [SID]visp-pubkey (block 1310).” Yin ¶ 70. SID is session id.)
generate the first token based on the session identifier (SID) and the information that identifies the user device (e.g. srcIP); and (“Authentication server(s) 115 obtains a hash (HMAC) of [app-ID, SID, srcIP, srcPort, dstIP, dstPort] (FIG. 13B, block 1335) and encrypts SID and the obtained HMAC using app-pubkey to produce [SID, HMAC]app-pubkey (block 1340).” Yin ¶ 74.  The HMAC being the token, generated in response to the request for authentication token in Yin ¶ 71)
provide, to the user device, information that identifies the first token, (“FIG. 14A depicts authentication server(s) 115 sending a message 1425 that includes the app-ID and encrypted SID and HMAC ([SID, HMAC]app-pubkey) to mobile device 105.” Yin ¶ 74.)
the user device to provide, to the server device (third party app server), the information that identifies the first token, (“FIG. 14B depicts third party mobile app 155 at mobile device 105 sending a request session message 1427, including the app-ID and encrypted SID and HMAC, to enforcement server(s) 110.” Yin ¶ 75)
the server device to compare the first token and a second token (“Third party app server(s) 125 compares the determined hash HMAC from block 1365 with the decrypted HMAC from the received and decrypted HMAC of block 1360 (FIG. 13C, block 1370).” Yin ¶ 76) generated by the server device based on information associated with the user device and the session identifier, and (“Third party app server(s) 125 uses a same hash algorithm, used in block 1335, to determine the hash of the block of data that includes app-ID, SID, srcIP, srcPort, dstIP, and dstPort.” Yin ¶ 76)
the server device, based on comparing the first token and the second token, to enable the user device to receive content associated with the server device. (“If the comparison indicates a match, third party app server(s) 125 creates a session token {TOKEN} for the third party mobile app 155 (block 1375)…. third party app server(s) 125 may grant a session token to mobile device 105 such that mobile device 105 can access third party app server(s) 125 via server APIs.” Yin ¶ 77)

	As to claim 2, Yin discloses the machine of claim 1 and further discloses:
where the one or more processors are configured to generate the first token further based on information identifying, for the user device, one or more of: a source Internet Protocol (IP) address; a destination IP address; a source port identifier; or a destination port identifier. (“Authentication server(s) 115 obtains a hash (HMAC) of [app-ID, SID, srcIP, srcPort, dstIP, dstPort] (FIG. 13B, block 1335) and encrypts SID and the obtained HMAC using app-pubkey to produce [SID, HMAC]app-pubkey (block 1340).” Yin ¶ 74.  The HMAC being the token, generated in response to the request for authentication token in Yin ¶ 71).

	As to claim 3, Yin discloses the machine of claim 1 and further discloses:
where the request for the first token includes an application identifier; (“sends a request for an authentication token, including app-ID and [SID]visp-pubkey, to authentication server(s)… ” Yin ¶ 71. See Figs. 13-14. SID is session identifier) and 
where the one or more processors are configured to determine the session identifier based on the application identifier. (“authentication server(s) 125 indexes authentication server provisioning table 400 with the app-ID to retrieve visp-privkey and app-pubkey (block 1325)…. authentication server(s) 115 decrypts [SID]visp-pubkey using visp-privkey to obtain the session identifier SID (block 1330).” Yin ¶¶ 72-73).

	As to claim 4, Yin discloses the machine of claim 1 and further discloses:
store, in a flow table, the application identifier and the information that identifies the user device, and information that identifies, for the user device, one or more of. a source Internet Protocol (IP) address; a destination IP address; a source port identifier; or a destination port identifier. (“Authentication server(s) 125 indexes authentication server device session record table 500 with the app-ID to retrieve srcIP, srcPort, dstIP, and dstPort (block 1320).” Yin ¶ 71)


	As to claim 5, Yin discloses the machine of claim 1 and further discloses:
where the application identifier is identified by the network device based on information contained in a packet received from the user device. (“Third party mobile app 155, at mobile device 105, sends a session IP packet, including dstIP and dstPort, to enforcement server(s) 110 (block 1115). …. Enforcement server(s) 110 performs a lookup in enforcement server provisioning table 600, using destIP and dstPort, to retrieve the app-ID (block 1120).” Yin ¶ 64. See also Yin ¶ 67)

	As to claim 6, Yin discloses the machine of claim 1 and further discloses:
where the one or more processors are further configured to: identify a mobile directory number of the user device based in part on the application identifier.
(“authentication server 115 indexes AS device session record table 500 with the app-ID from the session record to locate the record 505 having a value in app ID field 535 that matches the app-ID. Authentication server 115 stores dstIP, dstPort, srcIP, srcPort, and MDN in destination address field 510, destination port 515, source address field 520, source port field 525, and MDN field 530, respectively. FIG. 12 depicts authentication server(s) 115 updating 1245 MDN, srcIP, srcPort, dstIP, dstPort, app-ID in the AS device session record table 500” Yin ¶ 67. See also Yin Figures 11a-b) 

	As to claim 7, Yin discloses the machine of claim 1 and further discloses:
where the one or more processors are further configured to: receive, from the network device, (“Third party mobile app 155, at mobile device 105, engages in MDN IP session establishment with packet gateway 250 (block 1100)” Yin ¶ 62) information that identifies a mobile directory number of the user device, (“Enforcement server(s) 110 performs a lookup in enforcement server provisioning table 600, using destIP and dstPort, to retrieve the app-ID (block 1120).” Yin ¶ 64) where the mobile directory number is identified by the network device based on information contained in a packet received from the user device. (“Enforcement server(s) 110 performs a lookup in enforcement server device session record table 700, using srcIP, to retrieve the MDN (block 1125).” Yin ¶ 65. See generally Yin Figures 11a-b and supporting description.) 

	As to claim 9, Yin discloses the CRM of claim 8 and further discloses:
where the request for the first token includes an application identifier; (“sends a request for an authentication token, including app-ID and [SID]visp-pubkey, to authentication server(s)… ” Yin ¶ 71. See Figs. 13-14. SID is session identifier)
and where the one or more instructions, that cause the one or more processors to generate the first token, cause the one or more processors to: generate the first token further based on the application identifier; (“Authentication server(s) 115 obtains a hash (HMAC) of [app-ID, SID, srcIP, srcPort, dstIP, dstPort] (FIG. 13B, block 1335) and encrypts SID and the obtained HMAC using app-pubkey to produce [SID, HMAC]app-pubkey (block 1340).” Yin ¶ 74.  The HMAC being the token, generated in response to the request for authentication token in Yin ¶ 71) and determine the session identifier based on the application identifier. (“authentication server(s) 125 indexes authentication server provisioning table 400 with the app-ID to retrieve visp-privkey and app-pubkey (block 1325)…. authentication server(s) 115 decrypts [SID]visp-pubkey using visp-privkey to obtain the session identifier SID (block 1330).” Yin ¶¶ 72-73).

	As to claim 10, Yin discloses the CRM of claim 8 and further discloses:
where the first token is generated based on one or more of: an application identifier, a session identifier, a mobile directory number of the user device, or four-tuple information received from the network device. (see claim 9)

	As to claim 11, Yin discloses the CRM of claim 8 and further discloses:
the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: 
receive, from the network device, information that identifies an application identifier and information that identifies the server device; and (“third party mobile app 155 sends the request message 1410 to enforcement server(s) 110 which, in turn, forwards the message to authentication server(s) 125. Authentication server(s) 125 indexes authentication server device session record table 500 with the app-ID to retrieve srcIP, srcPort, dstIP, and dstPort (block 1320)” Yin ¶ 71)
where the one or more instructions, that cause the one or more processors to generate the first token, cause the one or more processors to: generate the first token based on the information that identifies the application identifier and the information that identifies the server device. (“Authentication server(s) 115 obtains a hash (HMAC) of [app-ID, SID, srcIP, srcPort, dstIP, dstPort] (FIG. 13B, block 1335) and encrypts SID and the obtained HMAC using app-pubkey to produce [SID, HMAC]app-pubkey (block 1340).” Yin ¶ 74.  The HMAC being the token, generated in response to the request for authentication token in Yin ¶ 71. dstIP being the information identifying the server device.)

	As to claim 12, Yin discloses the CRM of claim 8 and further discloses:
where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: 
generate the first token based on four-tuple information associated with the user device and the server device. (“Authentication server(s) 115 obtains a hash (HMAC) of [app-ID, SID, srcIP, srcPort, dstIP, dstPort] (FIG. 13B, block 1335) and encrypts SID and the obtained HMAC using app-pubkey to produce [SID, HMAC]app-pubkey (block 1340).” Yin ¶ 74.  The HMAC being the token, generated in response to the request for authentication token in Yin ¶ 71).

	As to claim 13, Yin discloses the CRM of claim 12 and further discloses:
where the four-tuple information comprises one or more of: a source Internet Protocol (IP) address; a destination IP address; a source port identifier; or a destination port identifier. (“Authentication server(s) 115 obtains a hash (HMAC) of [app-ID, SID, srcIP, srcPort, dstIP, dstPort] (FIG. 13B, block 1335) and encrypts SID and the obtained HMAC using app-pubkey to produce [SID, HMAC]app-pubkey (block 1340).” Yin ¶ 74.  The HMAC being the token, generated in response to the request for authentication token in Yin ¶ 71).

	As to claim 14, Yin discloses the CRM of claim 8 and further discloses:
where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: receive, from the network device, information that identifies an application identifier, where the application identifier is identified by the network device based on information contained in a packet received from the user device. (“Third party mobile app 155, at mobile device 105, sends a session IP packet, including dstIP and dstPort, to enforcement server(s) 110 (block 1115). …. Enforcement server(s) 110 performs a lookup in enforcement server provisioning table 600, using destIP and dstPort, to retrieve the app-ID (block 1120).” Yin ¶ 64. See also Yin ¶ 67 and Yin Figure 2.)

	As to claim 16, Yin discloses the method of claim 15 and further discloses:
generating the first token further based on information received from the user device that identifies an application identifier (“Third party mobile app 155, executing at mobile device 105, sends a request for an authentication token, including app-ID and {SID}visp-pubkey, to authentication server(s) 125 (block 1315)…. Authentication server(s) 125 indexes authentication server device session record table 500 with the app-ID to retrieve srcIP, srcPort, dstIP, and dstPort (block 1320).” Yin ¶ 71) and the server device. (“Authentication server(s) 115 obtains a hash (HMAC) of [app-ID, SID, srcIP, srcPort, dstIP, dstPort] (FIG. 13B, block 1335) and encrypts SID and the obtained HMAC using app-pubkey to produce [SID, HMAC]app-pubkey (block 1340).” Yin ¶ 74.  The HMAC being the token, generated in response to the request for authentication token in Yin ¶ 71. dstIP being the information identifying the server device.)

	As to claim 17, Yin discloses the method of claim 15 and further discloses:
receiving, from the network device, information that identifies an application identifier, the user device, and the server device; and (“third party mobile app 155 sends the request message 1410 to enforcement server(s) 110 which, in turn, forwards the message to authentication server(s) 125. Authentication server(s) 125 indexes authentication server device session record table 500 with the app-ID to retrieve srcIP, srcPort, dstIP, and dstPort (block 1320)” Yin ¶ 71)
where generating the first token further comprises: generating the first token based on the information that identifies the application identifier and the server device. (“Authentication server(s) 115 obtains a hash (HMAC) of [app-ID, SID, srcIP, srcPort, dstIP, dstPort] (FIG. 13B, block 1335) and encrypts SID and the obtained HMAC using app-pubkey to produce [SID, HMAC]app-pubkey (block 1340).” Yin ¶ 74.  The HMAC being the token, generated in response to the request for authentication token in Yin ¶ 71. dstIP being the information identifying the server device.)

	As to claim 18, Yin discloses the method of claim 17 and further discloses:
identifying a mobile directory number of the user device based on the information that identifies the application identifier, the user device, and the server device. (“authentication server 115 indexes AS device session record table 500 with the app-ID from the session record to locate the record 505 having a value in app ID field 535 that matches the app-ID. Authentication server 115 stores dstIP, dstPort, srcIP, srcPort, and MDN in destination address field 510, destination port 515, source address field 520, source port field 525, and MDN field 530, respectively. FIG. 12 depicts authentication server(s) 115 updating 1245 MDN, srcIP, srcPort, dstIP, dstPort, app-ID in the AS device session record table 500” Yin ¶ 67. See also Yin Figures 11a-b).

	As to claim 19, Yin discloses the method of claim 15 and further discloses:
where a mobile directory number of the user device is identified by the network device based on information contained in a packet received from the user device. (“Third party mobile app 155, at mobile device 105, sends a session IP packet, including dstIP and dstPort, to enforcement server(s) 110 (block 1115)…. FIG. 12 depicts mobile device 105 sending an IP packet 1215 to dstIP, dstPort of third party app server(s) 125, but the IP packet 1215 is first intercepted by enforcement server(s) 110.” Yin ¶ 64. “Enforcement server(s) 110 performs a lookup in enforcement server device session record table 700, using srcIP, to retrieve the MDN (block 1125).” Yin ¶ 65).

	As to claim 20, Yin discloses the method of claim 15 and further discloses:
receiving, from the network device, four-tuple information associated with the user device, where the four-tuple information comprises one or more of: a source Internet Protocol (IP) address, a destination IP address, a source port identifier, or a destination port identifier.  (“Enforcement server(s) 110 forwards a session record, which includes MDN, srcIP, srcPort, dstIP, dstPort, and app-ID, to authentication server(s) 115 (block 1150).” Yin ¶ 67)

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, specifically:
Schmidt et al., US 2006/0123234, discloses providing a token in an intranet for accessing internet resources.
Ayyadvara et al., US 2018/0069702, discloses providing single sign on between networks with different authentication protocols. 
Bjorn, US 7,409,543 discloses using a third party authentication server. 
Pinski et al., US 2015/0106900 discloses associateing a device and session ID to geographic coordinates.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165. The examiner can normally be reached M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MICHAEL W CHAO/Examiner, Art Unit 2492