DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement filed January 10, 2022 has been placed in the application file and the information referred to therein has been considered as to the merits.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-10 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-10 of U.S. Patent No. 11,146,398. Claims 1-10 of the instant application are anticipated by patent claims 1-10 in that claims 1-10 of the patent contain all the limitations of claims 1-10 of the instant application. Therefore, claims 1-10 of the application are not patently distinct from the earlier patent claims and as such are unpatentable for obvious-type double patenting.

US patent application – 17/473,172
1. A method comprising: receiving, from a first computing device communicating in an untrusted system, information comprising: a request for a service; and a token comprising a signature and encrypted data; sending, to a second computing device that generated the token and that communicates in a trusted system, the token; receiving, from the second computing device and based on the encrypted data, decrypted data indicating that the first computing device has permission to access the service; and sending, to a third computing device communicating in the trusted system and based on the determining that the first computing device has permission to access the service, the request for the service.

2. The method of claim 1, wherein the second computing device is associated with a service provider providing network access and security to the first computing device and the third computing device.  

3. The method of claim 1, wherein third computing device is associated with a third party service or cloud platform.  

4. The method of claim 1, wherein the encrypted data was encrypted using a first key, and wherein the first key is encrypted using a second key to generate an encrypted first key.  
5. The method of claim 4, wherein the token further comprises a header comprising the encrypted first key.  

6. The method of claim 4, wherein the first key is a random content encryption key (CEK).  

7. The method of claim 4, wherein the encrypted first key comprises an encrypted content encryption key (eCEK).  

8. The method of claim 4, wherein the second key is a public key.  

9. The method of claim 4, wherein the token further comprises a Uniform Resource Locator (URL) providing a link to a public key certificate associated with the signature.  

10. The method of claim 1, wherein the encrypted data comprises information indicating at least one of: permissions of the first computing device, account information of the first computing device, or capabilities of the first computing device.  

US patent – 11,146,398
1. A method comprising: receiving, from a first computing device communicating in an untrusted system, information comprising: a request for a service; and a token comprising a signature and encrypted data; validating, based on the signature, the token; determining, based on the validated token, a second computing device that generated the token and that communicates in a trusted system; sending, to the second computing device, the validated token; receiving, from the second computing device, the validated token, wherein the encrypted data has been decrypted by the second computing device; determining, based on the decrypted data, whether the first computing device has permission to access the service; and sending, based on the determining whether the first computing device has permission to access the service and to a third computing device communicating in the trusted system, the request for the service.

2. The method of claim 1, wherein the second computing device is associated with a service provider providing network access and security to the first computing device and the third computing device.

3. The method of claim 1, wherein third computing device is associated with a third party service or cloud platform.

4. The method of claim 1, wherein the encrypted data was encrypted using a first key, and wherein the first key is encrypted using a second key to generate an encrypted first key.
5. The method of claim 4, wherein the token further comprises a header comprising the encrypted first key.

6. The method of claim 4, wherein the first key is a random content encryption key (CEK).

7. The method of claim 4, wherein the encrypted first key comprises an encrypted content encryption key (eCEK).


8. The method of claim 4, wherein the second key is a public key.

9. The method of claim 4, wherein the token further comprises a Uniform Resource Locator (URL) providing a link to a public key certificate associated with the signature.

10. The method of claim 1, wherein the encrypted data comprises information indicating at least one of: permissions of the first computing device, account information of the first computing device, or capabilities of the first computing device.




Claims 11-16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 11-14 and 16 of U.S. Patent No. 11,146,398. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application are directed towards related subject from the patented ‘398 claims in that the claims of the ‘398 patent contain all of the limitations of the instant application. The ‘398 patented claims are directed towards a method for improved communications between a service and end devices via a gateway. It would have been obvious to a person of ordinary skill before the effective filing date of the claimed invention to substitute one statutory class of invention for another which would not affect the outcome of the claimed invention. Claims 11-14 and 16 of the instant application therefore are not patentably distinct from the earlier filed ‘398 patented claims, and as such, are unpatentable for obvious-type double patenting.


US patent application – 17/473,172
11. A method comprising: receiving, from a first computing device communicating in an untrusted system, information comprising: a request for sensitive data; and a token comprising a signature and encrypted data; sending, to a second computing device that generated the token and that communicates in a trusted system, the token; receiving, from the second computing device and based on the encrypted data, decrypted data indicating that the first computing device has permission to access the sensitive data; and sending, to a third computing device communicating in the trusted system and based on the determining that the first computing device has permission to access the sensitive data, the request for sensitive data.

12. The method of claim 11, wherein the second computing device is associated with a service provider providing network access and security to the first computing device and the third computing device.  

13. The method of claim 11, wherein third computing device is associated with a third party service or cloud platform. 
 
14. The method of claim 11, wherein the encrypted data was encrypted using a first key, and wherein the first key is encrypted using a second key to generate an encrypted first key.  
15. The method of claim 14, wherein the token further comprises a header comprising the encrypted first key. 
 
16. The method of claim 11, wherein the encrypted data comprises information indicating at least one of: permissions of the first computing device, account information of the first computing device, or capabilities of the first computing device.  

US patent – 11,146,398
11. A device, comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the device to: receive, from a first computing device communicating in an untrusted system, information comprising: a request for a service; and a token comprising a signature and encrypted data; validate, based on the signature, the token; determine, based on the validated token, a second computing device that generated the token and that communicates in a trusted system; send, to the second computing device, the validated token; receive, from the second computing device, the validated token, wherein the encrypted data has been decrypted by the second computing device; determine, based on the decrypted data, whether the first computing device has permission to access the service; and send, based on the determining whether the first computing device has permission to access the service and to a third computing device communicating in the trusted system, the request for the service.

12. The device of claim 11, wherein the second computing device is associated with a service provider providing network access and security to the first computing device and the third computing device.

13. The device of claim 11, wherein third computing device is associated with a third party service or cloud platform.

14. The device of claim 11, wherein the encrypted data was encrypted using a first key, and wherein the first key is encrypted using a second key to generate an encrypted first key, wherein the token further comprises a header comprising the encrypted first key.


16. The device of claim 11, wherein the encrypted data comprises information indicating at least one of: permissions of the first computing device, account information of the first computing device, or capabilities of the first computing device.




Claims 17-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-4 of U.S. Patent No. 11,146,398. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application are directed towards related subject from the patented ‘398 claims in that the claims of the ‘398 patent contain all of the limitations of the instant application. The ‘398 patented claims are directed towards a method for improved communications between a service and end devices via a gateway. Claims 17-20 of the instant application and claims 1-4 of the ‘398 patented claims each show method steps of a computing device in an untrusted system and method steps of two computing devices in a trusted system. The only difference between the two is the labelling of the first and second computing devices. Therefore, claims 17-20 of the instant application are not patentably distinct from the earlier filed ‘398 patented claims, and as such, are unpatentable for obvious-type double patenting.

US patent application – 17/473,172
17. A method comprising: receiving, by a first computing device communicating in a trusted system and based on a request for a service from a second computing device communicating in an untrusted system, a token comprising a signature and encrypted data; determining, by the first computing device and based on the encrypted data, that the second computing device has permission to access the service; and sending, by the first computing device, decrypted data indicating that the second computing device has permission to access the service to cause sending, to a third computing device communicating in the trusted system, the request for the service.

18. The method of claim 17, wherein the first computing device is associated with a service provider providing network access and security to the second computing device and the third computing device.  

19. The method of claim 17, wherein third computing device is associated with a third party service or cloud platform.  

20. The method of claim 17, wherein the encrypted data was encrypted using a first key, and wherein the first key is encrypted using a second key to generate an encrypted first key.

US patent – 11,146,398
1. A method comprising: receiving, from a first computing device communicating in an untrusted system, information comprising: a request for a service; and a token comprising a signature and encrypted data; validating, based on the signature, the token; determining, based on the validated token, a second computing device that generated the token and that communicates in a trusted system; sending, to the second computing device, the validated token; receiving, from the second computing device, the validated token, wherein the encrypted data has been decrypted by the second computing device; determining, based on the decrypted data, whether the first computing device has permission to access the service; and sending, based on the determining whether the first computing device has permission to access the service and to a third computing device communicating in the trusted system, the request for the service.

2. The method of claim 1, wherein the second computing device is associated with a service provider providing network access and security to the first computing device and the third computing device.


3. The method of claim 1, wherein third computing device is associated with a third party service or cloud platform.

4. The method of claim 1, wherein the encrypted data was encrypted using a first key, and wherein the first key is encrypted using a second key to generate an encrypted first key.




Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW B SMITHERS whose telephone number is (571)272-3876. The examiner can normally be reached 8:00-4:00 (Teleworking).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MATTHEW SMITHERS/
Primary Examiner
Art Unit 2437