Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments, filed on 06/14/2022, have been fully considered but they are not persuasive. 

Regarding independent claims 1 and 11:
Applicant submitted that the cited references fail to disclose or suggest "negotiating an encryption key with the second node, generating a first token for communication with the second node, wherein the first token is generated based on the encryption key, and wherein the first token comprises a first token value," as recited in the independent claims. See Remarks 8-9. The Examiner respectfully disagrees.
The combination of Kumar in view of Ford, particularly Ford discloses (Fig. 53) a sender client 5304 for sending a document securely to the receiver client 5306. (i.e. a first node in communication with a second node). 
Ford ([0348]) discloses that sender client 5304 may request to the secure managed key facility 5302 to send a document securely to the receiver client 5306. The secure managed key facility may then send both the sender client and the receiver client various certificates that enable or validate the secure communication of the file content from the sender client to the receiver client. (i.e. receiving a key exchange request from the second node).
Furthermore, Ford ([0385]) discloses to provide the content key to the sender client, have the sender client encrypt the content file with the content key, and send the receiver client the encrypted content file along with the content key, such as where communications are encrypted with a public key. (i.e. negotiating an encryption key with the second node).
Ford ([0420]) discloses that the encrypted per-object key may be stored (e.g., plus the IV and cipher parameters) for later use in decryption, in encryption of subsequent chunks, and the like. For each chunk to be encrypted (e.g., including the first), the counter value may be calculated using the formula where the counter equals a counter plus a block offset, where the block office may be a byte offset (e.g., much larger than 4). Since the block size may be 16 bytes, the block offset may be obtained by dividing by 16, shifting right 4 bits, and the like. When all chunks have been encrypted and stored, the chunks may be committed in a manner specified, such as by a Object Store API, so that all future accesses will be with respect to the complete object, no longer as individual chunks. If retrieval of a byte range that is not block-aligned is allowed, then the Asset Service may need to begin streaming (e.g., decrypting) from the nearest previous block boundary, discard the first bytes until the client's requested offset is reached, and read extra bytes beyond the desired length. (i.e. generating a first token for communication with the second node, wherein the first token is generated based on the encryption key, and wherein the first token comprises a first token value).


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 5, and 11 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claim 1 recites “identifying a first portion of the first token value, wherein the first portion of the first token value comprises a first token state of the first token,” but fails to define what constitutes a “token state” and how the identifying of the portion corresponding to the “token state” is implemented.
Claim 1 recites “wherein the first inbound routing entry maps the first token state to the second node,” without defining the way the mapping is implemented.
The claim’s language is unclear in describing and defining the claimed invention, such that a person of ordinary skill in the art could not interpret the metes and bounds of the claim. The same rational applies to independent claim 11.

Claim 5 recites the limitation "the token" in line 1.  There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.


Claims 1-2, 10-12, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al. (US 20160142109) in view of Ford et al. (US 20180367506).

Regarding claim 1, Kumar discloses a method for communication by a first node (Fig. 3, 310, 380), comprising:
maintaining an inbound routing table (Fig. 3, routing tables 344; [0048]);
establishing a communication link with a second node via a first port (Fig. 2);
sending a discovery packet to the second node via the first port, wherein the discovery packet comprises a discovery token value (response to a polling command received from remote NFC device 380, the response can include an identification of the secure element. For example, a response to a RF Type-F polling command can include a NFCID2, which is an identification for Type-F technology. NFCID2 can be an 8-byte value that includes an indication of which protocol is supported (e.g., NFC-DEP or T3T); [0048-0049]);
generating a first token for communication with the second node, wherein the first token comprises a first token value (NFCID2 is an identification for Type-F technology and may be an 8-byte value that includes an indication of which protocol is supported (e.g., NFC-DEP or T3T); [0049]);
identifying a first portion of the first token value, wherein the first portion of the first token value comprises a first token state of the first token (Fig. 4, NFCID2 is an identification for Type-F technology and may be an 8-byte value that includes an indication of which protocol is supported (e.g., NFC-DEP or T3T); [0049]); and
adding a first inbound routing entry to the inbound routing table, wherein the first inbound routing entry maps the first token state to the second node (routing component 342 can extract the NFCID2 from the SENSF_RES response and add an entry to NFCID2 table 344c; [0049]).
Kumar does not expressly disclose receiving a key exchange request from the second node; negotiating an encryption key with the second node; and wherein the first token is generated based on the encryption key.
In an analogous art, Ford discloses receiving a key exchange request from the second node (sender client 5304 may request to the secure managed key facility 5302 to send a document securely to the receiver client 5306. The secure managed key facility may then send both the sender client and the receiver client various certificates that enable or validate the secure communication of the file content from the sender client to the receiver client; [0348]);
negotiating an encryption key with the second node (provide the content key to the sender client, have the sender client encrypt the content file with the content key, and send the receiver client the encrypted content file along with the content key, such as where communications are encrypted with a public key; [0385]); and 
wherein the first token is generated based on the encryption key (The encrypted per-object key may be stored (e.g., plus the IV and cipher parameters) for later use in decryption, in encryption of subsequent chunks, and the like. For each chunk to be encrypted (e.g., including the first), the counter value may be calculated using the formula where the counter equals a counter plus a block offset, where the block office may be a byte offset (e.g., much larger than 4). Since the block size may be 16 bytes, the block offset may be obtained by dividing by 16, shifting right 4 bits, and the like. When all chunks have been encrypted and stored, the chunks may be committed in a manner specified, such as by a Object Store API, so that all future accesses will be with respect to the complete object, no longer as individual chunks. If retrieval of a byte range that is not block-aligned is allowed, then the Asset Service may need to begin streaming (e.g., decrypting) from the nearest previous block boundary, discard the first bytes until the client's requested offset is reached, and read extra bytes beyond the desired length; [0420]).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to add the features taught by Ford to the system of Kumar in order to allow secure exchange system facilities to be customized for each user access of the secure system (Ford; [0077]).

Regarding claim 2, the combination of Kumar and Ford, particularly Ford discloses negotiating a session nonce with the second node (Data may be exchanged through a bearer token, a nonce, or randomly generated sequence, generated by the Session Service, issued to application sessions whose user and application have both been authenticated. A Bearer Token may be provided in service requests made by the application on behalf of the user, such as having a specific timeout duration; [0445]); and
negotiating a position offset bit value with the second node (For each chunk to be encrypted (e.g., including the first), the counter value may be calculated using the formula where the counter equals a counter plus a block offset, where the block office may be a byte offset (e.g., much larger than 4). Since the block size may be 16 bytes, the block offset may be obtained by dividing by 16, shifting right 4 bits, and the like; [0420]), 
wherein the first token is generated based on the encryption key, the session nonce, and the position offset bit value, and wherein the first token is cryptographically secured using the encryption key (The encrypted per-object key may be stored (e.g., plus the IV and cipher parameters) for later use in decryption, in encryption of subsequent chunks, and the like. For each chunk to be encrypted (e.g., including the first), the counter value may be calculated using the formula where the counter equals a counter plus a block offset, where the block office may be a byte offset (e.g., much larger than 4). Since the block size may be 16 bytes, the block offset may be obtained by dividing by 16, shifting right 4 bits, and the like. When all chunks have been encrypted and stored, the chunks may be committed in a manner specified, such as by a Object Store API, so that all future accesses will be with respect to the complete object, no longer as individual chunks. If retrieval of a byte range that is not block-aligned is allowed, then the Asset Service may need to begin streaming (e.g., decrypting) from the nearest previous block boundary, discard the first bytes until the client's requested offset is reached, and read extra bytes beyond the desired length; [0420]).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to add the features taught by Ford to the system of Kumar in order to allow secure exchange system facilities to be customized for each user access of the secure system (Ford; [0077]).

Regarding claim 10, the combination of Kumar and Ford, particularly Kumar discloses wherein the communication link is one of a hardware link or a wireless link (FIG. 1 illustrates a wireless transmission or charging system 100; [0027]).

Regarding claim 11, the claim is interpreted and rejected for the reasons cited in claim 1.
Regarding claim 12, the claim is interpreted and rejected for the reasons cited in claim 2.
Regarding claim 20, the claim is interpreted and rejected for the reasons cited in claim 10.

Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar in view of Ford and in view of Cui et al. (US 20190274086).

Regarding claim 3, the combination of Kumar and Ford, particularly Kumar discloses maintaining an outbound routing table (Fig. 3, routing tables 344; [0048]);
adding a first outbound routing entry to the outbound routing table, wherein the first outbound routing entry maps the second node to the first token state (routing component 342 can extract the NFCID2 from the SENSF_RES response and add an entry to NFCID2 table 344c; [0049]).
The combination of Kumar and Ford does not expressly disclose adding a second outbound routing entry to the outbound routing table, wherein the second outbound routing entry maps the first token state to the first port.
In an analogous art, Cui discloses adding a second outbound routing entry to the outbound routing table, wherein the second outbound routing entry maps the first token state to the first port (SDN controller 102 configures the forwarding table associated with the RAN AP 113. The action of the RAN AP forwarding match action table is as follows: [0053] Uplink: When sending packets to the server, based on UE-ID and/or AS-ID/or AS-IP address, the RAN AP add the routing tag and forward the packet out to an output port. Typically the RAN AP has a cache on AS-ID to AS IP address mapping. The routing tag is added to the packet to indicates the routing and service chaining vector information (i.e. the sequence of the routers/service nodes) in each packet so that the packet go through the same route to the SE or SCEF without the explicit connection-oriented signaling protocol. By using the tag, no tunnel is required. [0054] Downlink: When sending packets to the device, the AP calculates the device wake up time and send the message over-the-air when the device is awake and listens to the air interface. The RAN temp-ID is included so that the device knows the message is for itself. In order to support confidentially, a device unique key and a RAN temp-ID can be the input to a ciphering algorithm; [0052]).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to add the features taught by Cui to the system of Kumar and Ford in order to allows the benefits of connectionless concept to be realized for any types of the end devices and addressing schemes they may use (Cui; [0008]).

Regarding claim 13, the claim is interpreted and rejected for the reasons cited in claim 3.

Claims 5-9 and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar in view of Ford and in view of Hao et al. (US 20130074168).

Regarding claim 5, the combination of Kumar and Ford does not expressly disclose wherein the token comprises a deterministic random number, wherein the first token has a plurality of token states, and wherein each token state corresponds to a disparate token value.
In an analogous art, Hao discloses wherein the token comprises a deterministic random number (secret data may be, for example, a random number or a predefined constant parameter for server communication efficiency that only application server 130 may understand, such as a type of service being embedded into the parameters; [0045]), 
wherein the first token has a plurality of token states, and wherein each token state corresponds to a disparate token value (hash value for device-token 460 may include the UDID, the user ID, secret data, and an expiration time 462. The UDID and the user ID may be the values included by user device 110 in provisioning request 430; [0045]).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to add the features taught by Hao to the system of Kumar and Ford in order to enable reliable and secure applications on a public network (Hao; [0011]).

Regarding claim 6, the combination of Kumar, Ford, and Hao, particularly Hao discloses wherein the token state changes with each communication, wherein the token state ratchets with each communication according to a ratcheting algorithm (Expiration time 462 may be a date and time or a time period after which the device-token is set to expire. Expiration time 462 may be a value configured by, for example, a network administrator based on remote network access and travel tendencies of users. In one implementation, expiration time 462 may be configured differently for each mobile application 420. In one implementation, application server 130 may store device-token 460 locally (e.g., in memory 340) and forward device-token 460 and expiration time 462 to user device 110. In another implementation, application server 130 may store the hash algorithm and expiration date 462, but not the actual device-token 460; 0045).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to add the features taught by Hao to the system of Kumar and Ford in order to enable reliable and secure applications on a public network (Hao; [0011]).

Regarding claim 7, the combination of Kumar, Ford, and Hao, particularly Hao discloses establishing a secure channel with the second node using the first token (after user device 110 is authenticated, streaming server 150 may securely stream video content (e.g., via the streaming URL) directly to user device 110; 0019).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to add the features taught by Hao to the system of Kumar and Ford in order to enable reliable and secure applications on a public network (Hao; [0011]).

Regarding claim 8, the combination of Kumar, Ford, and Hao, particularly Hao discloses wherein the secure channel is maintained based at least in part on the token state of the first node being synchronized with a token state of the second node (device server 140/application server 130 validate device-token 460 and operating PIN 480, device server 140 may return a content URL 530 (e.g., for particular streaming content requested by the user) and a key-token 532 to user device 110. Key-token 532 may include, for example, a unique alpha-numeric character string or hash value that includes a combination of user identification and secret data. Device server 140 may set key-token 532 for one-time use for a particular content stream. Once key-token 532 is used by user device 110 to start a streaming session, key-token 532 may be expired to prevent additional uses; [0050]).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to add the features taught by Hao to the system of Kumar and Ford in order to enable reliable and secure applications on a public network (Hao; [0011]).

Regarding claim 9, the combination of Kumar, Ford, and Hao, particularly Hao discloses generating a new token state for each communication via the secure channel (When device-token 460 expires, user device 110 may obtain a new device-token 460 in order to continue to use mobile application 420; [0054]).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to add the features taught by Hao to the system of Kumar and Ford in order to enable reliable and secure applications on a public network (Hao; [0011]).

Regarding claim 15, the claim is interpreted and rejected for the reasons cited in claim 5.
Regarding claim 16, the claim is interpreted and rejected for the reasons cited in claim 6.
Regarding claim 17, the claim is interpreted and rejected for the reasons cited in claim 7.
Regarding claim 18, the claim is interpreted and rejected for the reasons cited in claim 8.
Regarding claim 19, the claim is interpreted and rejected for the reasons cited in claim 9.

Allowable Subject Matter
Claims 4 and 14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim 4, if rewritten in independent form including all of the limitations of the base claim and any intervening claims and addressing any applicable rejection/objection raised above, would comprise a combination of elements which is not taught by the prior art of record. The same reasoning applies to dependent claim 14 mutatis mutandis.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
O'Donoghue et al. (US 8923763), “Methods And Apparatuses For Reducing The Nonvolatile Memory Used To Support Application Identifier Routing In An NFC.”
Geslin et al. (US 20140256252), “Near-Field Communications And Routing.”
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OUSSAMA ROUDANI whose telephone number is (571)272-4727. The examiner can normally be reached 8:30 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, UN C CHO can be reached on (571) 272 7919. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/OUSSAMA ROUDANI/Primary Examiner, Art Unit 2413