DETAILED ACTION
Claims 1-20 are pending in this action.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 9/30/2021 and 9/9/2022 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements have been considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as failing to set forth the subject matter which the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the applicant regards as the invention. Evidence that claims 1-20 fail to correspond in scope with that which the inventor or a joint inventor, or for pre-AIA applications the applicant, regards as the invention can be found in the specification at paragraph [0005]. In the specification, the inventor or a joint inventor, or for pre-AIA applications the applicant, has stated that the purpose/novelty of the invention is to determine that a connection agent is not tainted by one or more previously logged in users. It is unclear how the claims are directed to accomplishing this purpose/novelty, as there is no mention of tainted connection agents or reference to previously logged on users.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 9 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Benantar (US PGPUB No. 2003/0130947) in view of Hamburger et al. (US PGPUB No. 2017/0257282).

As per claim 1, Benantar teaches a method comprising: receiving, by a client device and from one or more servers, a public key of the one or more servers; receiving, by the client device and from a computing device ([0044], verifying entity, i.e. client device, receives certificate authority (CA) public key), information comprising: a public key, of the computing device, signed by a private key of the one or more servers ([0044], certificate authority (CA) signs “user” public key); and determining, by the client device, whether a signature of the signed public key of the computing device corresponds to the public key of the one or more servers ([0044], verifying entity, i.e. client device, using CA public key to verify the signature of the signed public key in the certificate).
Benantar does not explicitly teach data generated by the client device and signed by a private key of the computing device. Hamburger teaches data generated by the client device and signed by a private key of the computing device (Claim interpretation – specification of instant application at [0073]-[0074] - data can be a random number sent to the connection agent by the client to verify the connection agent and its possession of the proper private key – this is interpreted to be a form of challenge response) ([0006], sending a challenge string and receiving challenge-response with the string signed with a private key).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Benantar with the teachings of Hamburger, data generated by the client device and signed by a private key of the computing device, to provide a way for the client device to authenticate itself or verify possession of key material which ensures a secure transaction.

As per claim 9, the substance of the claimed invention is identical or substantially similar to that of claim 1. Accordingly, this claim is rejected under the same rationale.

As per claim 15, the substance of the claimed invention is identical or substantially similar to that of claim 1. Accordingly, this claim is rejected under the same rationale.

Claims 2-6, 10-13 and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Benantar and Hamburger in further view of Bell (US PGPUB No. 2013/0219468).

As per claim 2, the combination of Benantar and Hamburger teaches the method of claim 1.
The combination of Benantar and Hamburger does not explicitly teach wherein the receiving the public key of the one or more servers comprises issuing, by the one or more servers to the client device, a connection lease. Bell teaches wherein the receiving the public key of the one or more servers comprises issuing, by the one or more servers to the client device, a connection lease ([0066], receiving an encrypted connection lease along with the requisite public key to verify it).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Benantar and Hamburger with the teachings of Bell, wherein the receiving the public key of the one or more servers comprises issuing, by the one or more servers to the client device, a connection lease, to provide verifying entity the necessary key material to verify a certificate used in conjunction with a connection lease.

As per claim 3, the combination of Benantar, Hamburger and Bell teaches the method of claim 2, further comprising: based on a determination that the signature of the signed public key of the computing device does not correspond with the public key of the one or more servers (Benantar; [0044], verifying entity, i.e. client device, using CA public key to verify the signature of the signed public key in the certificate), connecting, by the client device, to a second computing device identified in the connection lease (Bell; [0008], connection lease lists one or more session hosts that can be connected to by the client device along with the allow and deny conditions for such access). This combination would be made by including in the allow condition the verification of the CA signature with the provided public key taught in Benantar and would be motivated by the desire to combine the security flexibility of private/public key protocol with the permanent nature of connection leases as opposed to standard session protocols.

As per claim 4, the combination of Benantar, Hamburger and Bell teaches the method of claim 2, further comprising: based on a determination that the signature of the signed public key of the computing device corresponds to the public key of the one or more servers, determining, by the client device, whether a signature of the signed data corresponds to the signed public key of the computing device (Benantar; [0044], after the CA signature is verified the public key can be used) combined with (Hamburger; [0006], public key can be used to verify signed challenge to verify possession of private key and identity of connection agent). This combination would be motivated by the need to attest to a particular entity and its public key to be used for a subsequent authentication mechanism like challenge-response.

As per claim 5, the combination of Benantar, Hamburger and Bell teaches the method of claim 4, further comprising: based on a determination that the signature of the signed data does not correspond to the signed public key of the computing device (Benantar; [0044], verifying entity, i.e. client device, using CA public key to verify the signature of the signed public key in the certificate), connecting, by the client device, to a second computing device identified in the connection lease (Bell; [0008], connection lease lists one or more session hosts that can be connected to by the client device along with the allow and deny conditions for such access). This combination would be made by including in the allow condition the verification of the CA signature with the provided public key taught in Benantar and would be motivated by the desire to combine the security flexibility of private/public key protocol with the permanent nature of connection leases as opposed to standard session protocols.

As per claim 6, the combination of Benantar, Hamburger and Bell teaches the method of claim 4, further comprising: based on a determination that the signature of the signed data corresponds to the signed public key of the computing device, connecting, by the client device, to the computing device (Bell; [0009]-[0010], using verified connection lease to connect to a particular resource hosted by a session host).
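The client-side sequence recited in claims 1 and 3-6 (check the server's signature on the agent key, then check the agent's signature on client-generated data, and fall back to another host in the lease on either failure), as an added example that is not part of this Office action, the application or the cited references. Ed25519 through Node's built-in crypto module, the host names and every function name are assumptions.

```javascript
// Added illustration; Ed25519, host names and all function names are assumptions.
const crypto = require('node:crypto');

// Constructed keys: the server's pair (its public half travels with the lease)
// and an unrelated pair standing in for an endorser the client does not trust.
const serverKeys = crypto.generateKeyPairSync('ed25519');
const rogueKeys = crypto.generateKeyPairSync('ed25519');

// Constructed connection agent. `endorser` signs the agent's public key.
// holdsPrivateKey=false models an agent that presents an endorsed public key
// without possessing the matching private key.
function makeAgent(name, endorser, holdsPrivateKey = true) {
  const keys = crypto.generateKeyPairSync('ed25519');
  const pubDer = keys.publicKey.export({ type: 'spki', format: 'der' });
  const signer = holdsPrivateKey
    ? keys.privateKey
    : crypto.generateKeyPairSync('ed25519').privateKey;
  return {
    name,
    hello: (challenge) => ({
      pubDer,                                          // agent public key
      keySig: crypto.sign(null, pubDer, endorser),     // signature over that key
      dataSig: crypto.sign(null, challenge, signer),   // signature over client data
    }),
  };
}

// Client side: returns 'ok' or the name of the check that failed.
function checkAgent(serverPub, agent) {
  const challenge = crypto.randomBytes(32);            // data generated by the client
  const { pubDer, keySig, dataSig } = agent.hello(challenge);
  // Claim 1: the signature on the agent key must verify under the server key.
  if (!crypto.verify(null, pubDer, serverPub, keySig)) return 'bad-key-signature';
  // Claim 4: only an endorsed key is used to check the signed challenge.
  const agentPub = crypto.createPublicKey({ key: pubDer, format: 'der', type: 'spki' });
  if (!crypto.verify(null, challenge, agentPub, dataSig)) return 'bad-data-signature';
  return 'ok';
}

// Claims 3, 5 and 6: try each host listed in the lease, connect to the first
// one that passes both checks, and record why the others were skipped.
function pickHost(lease) {
  const log = [];
  for (const agent of lease.hosts) {
    const result = checkAgent(lease.serverPub, agent);
    log.push(`${agent.name}:${result}`);
    if (result === 'ok') return { host: agent.name, log };
  }
  return { host: null, log };
}

// Constructed lease: one wrongly endorsed host, one without its key, one valid.
const lease = { serverPub: serverKeys.publicKey, hosts: [
  makeAgent('host-a', rogueKeys.privateKey),
  makeAgent('host-b', serverKeys.privateKey, false),
  makeAgent('host-c', serverKeys.privateKey),
] };
```

The fresh random challenge is what separates the two failure modes: an endorsed key alone passes the first check, and only possession of the matching private key passes the second.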

As per claim 10, the substance of the claimed invention is identical or substantially similar to that of claim 2. Accordingly, this claim is rejected under the same rationale.

As per claim 11, the substance of the claimed invention is identical or substantially similar to that of claim 3. Accordingly, this claim is rejected under the same rationale.

As per claim 12, the substance of the claimed invention is identical or substantially similar to that of claim 5. Accordingly, this claim is rejected under the same rationale.

As per claim 13, the substance of the claimed invention is identical or substantially similar to that of claim 6. Accordingly, this claim is rejected under the same rationale.

As per claim 16, the substance of the claimed invention is identical or substantially similar to that of claim 2. Accordingly, this claim is rejected under the same rationale.

As per claim 17, the substance of the claimed invention is identical or substantially similar to that of claim 3. Accordingly, this claim is rejected under the same rationale.

As per claim 18, the substance of the claimed invention is identical or substantially similar to that of claim 5. Accordingly, this claim is rejected under the same rationale.

As per claim 19, the substance of the claimed invention is identical or substantially similar to that of claim 6. Accordingly, this claim is rejected under the same rationale.

Claims 7, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Benantar and Hamburger in further view of Reilly et al. (US PGPUB No. 2006/0047951) [hereinafter “Reilly”].

As per claim 7, the combination of Benantar and Hamburger teaches the method of claim 1, verifying, by the client device and based on a public key of the one or more servers, the signed public key of the computing device (Benantar; [0044], verifying entity using CA public key to verify private key signature of an issued public key certificate).
The combination of Benantar and Hamburger does not explicitly teach receiving, by the client device and from the one or more servers, a second public key of the one or more servers; and verifying, by the client device and based on the second public key of the one or more servers. Reilly teaches receiving, by the client device and from the one or more servers, a second public key of the one or more servers ([0028], requestor used second public key to verify private key signature of certificate issued by CA); and verifying, by the client device and based on the second public key of the one or more servers ([0028], second public key used to verify certificate issued by CA during a validity period – this would be combined with the public key certificate taught in Benantar). 
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Benantar and Hamburger with the teachings of Reilly, receiving, by the client device and from the one or more servers, a second public key of the one or more servers; and verifying, by the client device and based on the second public key of the one or more servers, to provide a regeneration or renewal process for subsequent or multiple certificate issuances where the security policy may demand multiple key pairs.

As per claim 14, the substance of the claimed invention is identical or substantially similar to that of claim 7. Accordingly, this claim is rejected under the same rationale.

As per claim 20, the substance of the claimed invention is identical or substantially similar to that of claim 7. Accordingly, this claim is rejected under the same rationale.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Benantar and Hamburger in further view of Nasu et al. (JP-2005318572-A) [hereinafter “Nasu”].

As per claim 8, the combination of Benantar and Hamburger teaches the method of claim 1.
The combination of Benantar and Hamburger does not explicitly teach wherein the signed public key of the computing device comprises one or more of a machine ID or an expiration date. Nasu teaches wherein the signed public key of the computing device comprises one or more of a machine ID or an expiration date (Page 11, para. 6, public key certificate includes expiration date and device ID).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Benantar and Hamburger with the teachings of Nasu, wherein the signed public key of the computing device comprises one or more of a machine ID or an expiration date, to include useful bibliographic information in the public key certificate that can assist a receiver and sender to know where and when to send the certificate.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Pitsos (US PGPUB No. 2004/0054889) and Riggins (US Patent No. 6,233,341) disclose various known aspects of PKI and certificate protocols.  Slaughter et al. (US Patent No. 6,898,618), Ramarathinam et al. (US PGPUB No. 2012/0096271), Xie (CN-104104688-A) and Gopshtein et al. (WO-2016053265-A1) disclose aspects of connection leasing and tenant authorization. Chen et al. ("SDN-enabled session continuity for wireless networks," 2017 IEEE International Conference on Communications (ICC), 2017, pp. 1-6, doi: 10.1109/ICC.2017.7997199), Handorean et al. ("Context aware session management for services in ad hoc networks," 2005 IEEE International Conference on Services Computing (SCC'05) Vol-1, 2005, pp. 113-120 vol.1, doi: 10.1109/SCC.2005.40), Vrind et al. ("Session cloning protocol between smart devices for connected and un-connected states in B4G and 5G," 2018 15th IEEE Annual Consumer Communications & Networking Conference (CCNC), 2018, pp. 1-8, doi: 10.1109/CCNC.2018.8319191) and Yang et al. ("An A-RBAC mechanism for a multi-tenancy cloud environment," 2014 4th International Conference on Wireless Communications, Vehicular Technology, Information Theory and Aerospace & Electronic Systems (VITAE), 2014, pp. 1-5, doi: 10.1109/VITAE.2014.6934436) disclose aspects of session management across networks including cloud infrastructure.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is (571)270-7179. The examiner can normally be reached Max Flex.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/PETER C SHAW/
Primary Examiner, Art Unit 2493
November 14, 2022