Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

DETAILED ACTION
This is a reply to the application filed on 09/24/2020, in which, claim(s) 1-20 are pending. Claim(s) 1, 9 and 17 are independent.

Priority
Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 119(a)-(d). Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/24/2020, has been reviewed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information disclosure statement.

Drawings
The drawings filed on 09/24/2020 are accepted by The Examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 9-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. 
 Claim 9 recites “A constrained node” in the preamble, and “a receiver”, “a processor” in the claim body. The claimed node lacks a structural component because “receiver” and “processor” can be implemented as software only. Therefore, Claim 9 is directed to non-statutory subject matter for lack of a hardware component. The Examiner respectfully suggests that the claim be further amended to positively recite at least one hardware element within the body of the claim to make the claim statutory subject matter under 35 U.S.C. 101 such as “a hardware processor”. 
Dependent claims 10-16 don't cure the deficiency of Claim 9 and are rejected under 35 U.S.C. 101 for their dependency upon Claim 9.
Claim 17 is non-statutory under the most recent interpretation of the Interim Guidelines regarding 35 U.S.C.101 because claim 17 recites “A computer program product comprising instructions”. Therefore, Claim 17 is directed to non-statutory subject matter for lack of a hardware component. Examiner suggests amending the claim to say “A computer program product comprising a non-transitory storage medium” to positively recite at least one hardware element within the body of the claim to make the claim statutory subject matter under 35 U.S.C. 101.
Claims 18-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. 


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  
Claims 1-20 are non-provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over:
          Claims 1-14 of Patent 10,880,297.

Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1-20 are anticipated by claims 1-14 of Patent 10,880,297.
Patent No. 10,880,297 (15/639,248)  
Instant Application No.(17/031,061) 
Claim 1. A forwarding method for authentication information in an Internet of Things, wherein the method comprises: 

receiving, by a constrained node, authentication information from an Internet of Things client, wherein the constrained node is a network device with reduced computing, storage, power supply, and network communication bandwidth capabilities relative to neighboring network nodes; 
determining, by the constrained node, that the authentication information is received for a first time; 
verifying, by the constrained node, the authentication information when the authentication information is received for the first time, wherein verifying the authentication information comprises: 
obtaining, from the authentication information, a forward token delivered by an authorization server; 
obtaining time validity of the forward token from the forward token; 
determining that the forward token is a legitimate token when the forward token is within a valid period and a route between the constrained node and a resource server exists; and 
determining that the verification succeeds when the forward token is the legitimate token; 
forwarding, by the constrained node, the authentication information after the verification succeeds when the authentication information is received for the first time and when the authentication information is valid authentication information; 
discarding, by the constrained node, the authentication information when the authentication information is not valid; 
receiving, by the constrained node, the authentication information for a second time; and 
directly forwarding, by the constrained node, the authentication information without verification when the authentication information is received for the second time.
Claim 1. A method implemented by a constrained node and comprising: 


receiving, from an Internet of things (IoT) client, authentication information a first time; 






performing, in response to receiving the authentication information the first time, a first verification of the authentication information; 


























receiving the authentication information a second time; and 

forwarding, in response to receiving the authentication information the second time, the authentication information without performing a second verification of the authentication information.  




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-3, 5-11 and 13-19 are rejected under 35 U.S.C. 103 as being unpatentable over Hermann et al. (US 2006/0090197 A1) in view of Shah et al. (US 2011/0231918 A1) further in view of Kim et al. (US 2016/0044032 A1).
Regarding Claims 1, 9, and 17, Hermann discloses A method implemented by a constrained node ([0015], “the token distribution unit”) and comprising: 
receiving, from a client, authentication information a first time ([0015], “a client sends at first authentication information, such as a username and a password or a certificate, to the token distribution unit and receives in response a request token, which allows to obtain an authentication token for a single access of a data resource”); 
performing, in response to receiving the authentication information the first time, a first verification of the authentication information ([0018], “validation of the first one-way authentication token”); 
receiving the authentication information a second time ([0013], “receiving the same one-way authentication token for the second time”); 
Hermann does not explicitly teach but Shah teaches
forwarding, in response to receiving the authentication information the second time, the authentication information without performing a second verification of the authentication information ([0004], “the SSO server does not challenge the user for credentials a second time. Instead, the SSO server uses the session cookie to validate the user identity. Upon validating the identity of the user, the SSO server passes an authentication token to the second partner,”).  
Hermann and Shah are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Shah with the disclosure of Hermann. The motivation/suggestion would have been to provide a unified process for registering partners (Shah, Abstract),
The combined teaching of Hermann and Shah does not explicitly teach but Kim teaches
The client is an Internet of things (IoT) client ([0001], “similar IoT devices”),
Hermann, Shah and Kim are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kim with the combined teaching of Hermann and Shah. The motivation/suggestion would have been for setup of multiple similar IoT devices at substantially the same time using joint authentication (Kim, [0001]).

Regarding Claims 2, 10, and 18, the combined teaching of Hermann, Shah and Kim teaches 
determining that the authentication information is received for the first time when receiving the authentication information in a non-security mode (Hermann, [0013], “transmit the authentication token over an unsecured channel”).  

Regarding Claims 3, 11, and 19, the combined teaching of Hermann, Shah and Kim teaches 
forwarding the authentication information (Shah, [0004], “passes an authentication token”) when the first verification succeeds (Hermann, [0018], “validation of the first one-way authentication token”).

Regarding Claims 5, and 13, the combined teaching of Hermann, Shah and Kim teaches 
wherein the authentication information comprises a forward token (Hermann, [0015], “an authentication token”).  

Regarding Claims 6, and 14, the combined teaching of Hermann, Shah and Kim teaches 
wherein the first verification is successful when the forward token is a legitimate token (Hermann, [0016], “if the one-way authentication token is valid only for a predefined limited time”).  

Regarding Claims 7, and 15, the combined teaching of Hermann, Shah and Kim teaches 
wherein the forward token is the legitimate token when time validity of the forward token is within a valid period and a route between the constrained node and a resource server exists (Hermann, [0038], “whether a predefined time limit for the validity of the authentication token 1 has already expired”, [0037], “The path (i.e. route) of the one-way authentication tokens used in the method illustrated by FIG. 2 is indicated by dotted or dash-dotted arrows.”)

Regarding Claims 8, and 16, the combined teaching of Hermann, Shah and Kim teaches 
deleting the forward token from the authentication information to obtain modified authentication information (Shah, [0099], “delete an existing partner registration record, or modify an existing partner registration record”); and 
further forwarding the modified authentication information in a security mode (Hermann, [0038], “via the preferably secured channel”).  

Claims 4, 12, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hermann et al. (US 2006/0090197 A1) in view of Shah et al. (US 2011/0231918 A1) further in view of Kim et al. (US 2016/0044032 A1) and further in view of Iyengar et al. (US 2007/0266426 A1).
Regarding Claims 4, 12, and 20, the combined teaching of Hermann, Shah and Kim does not explicitly teach but Iyengar teaches
discarding the authentication information when the first authentication fails (Iyengar, [0038], “check whether the trust token is valid, if it is invalid or no TC is present, then the request is dropped”).
Hermann, Shah, Kim and Iyengar are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Iyengar with the combined teaching of Hermann, Shah and Kim. The motivation/suggestion would have been for determining trust, quality of service, and personalization for clients using tokens (Iyengar, [0004]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186. The examiner can normally be reached Monday-Friday: 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHENG-FENG HUANG/Primary Examiner, Art Unit 2497