Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION

Claims 1-20 are pending in this office action.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on December 20, 2018, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-7 and 9-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Bjarnason et al. (U.S. Patent Pub. No. 2013/0318343).

Regarding claims 1, 11, and 18, Bjarnason et al. teaches a method comprising: a cloud-based service (paragraph 0017); an authorized local domain service deployed in a local network and authorized to communicate with the cloud-based service on behalf of an organization (fig. 4, ref. num 30); and a local domain service deployed in the local network to register endpoint devices for communications on behalf of the organization (fig. 4, ref. num 40); wherein the authorized local domain service is configured to: receiving, from a local domain service deployed in the local network and configured to connect with and register the endpoint devices in the local network for communications on behalf of the organization, an identity of an endpoint device among the endpoint devices, wherein the identity was acquired by the local domain service when the endpoint device registered with the local domain service (paragraph 0064); identifying for the organization an account associated with the identity of the endpoint device (paragraph 0065); creating in the cloud-based service for the organization an association between the identity of the endpoint device and the account (paragraph 0069); and notifying the endpoint device via the local domain service to onboard against the cloud-based service for access to the cloud-based service (paragraph 0088).

Regarding claims 2, 12, and 19, Bjarnason et al. teaches further comprising, at the cloud-based service: receiving trust information indicating a trusted certificate authority to issue certificates to endpoint devices and a trusted local domain service for the organization; after the notifying, receiving from the endpoint device, over a network connection with the endpoint device, endpoint device information that indicates the local domain service, a certificate authority that issued a certificate to the endpoint device, and the identity of the endpoint device; determining whether the endpoint device is trusted based on comparisons between the trust information and the endpoint device information; and if the endpoint device is trusted, authorizing the endpoint device to access the cloud-based service, otherwise, not authorizing the endpoint device to access the cloud-based service (paragraph 0088, 0112, and 0115).

Regarding claim 3, Bjarnason et al. teaches wherein the authorizing includes issuing to the endpoint device one or more access tokens to be used by the endpoint device to access services of the cloud-based service (paragraph 0049).

Regarding claims 4, 13, and 20, Bjarnason et al. teaches wherein the determining includes: testing whether (i) the trusted certificate authority issued the certificate to the endpoint device, (ii) the endpoint device is connected to the trusted local domain service, and (iii) the identity of the endpoint device is associated with the account; and determining the endpoint device is trusted when tests (i), (ii), and (iii) all pass, otherwise, determining the endpoint device is not trusted (paragraph 0057 and 0074).

Regarding claims 5 and 14, Bjarnason et al. teaches further comprising, at the local domain service: establishing an endpoint device-initiated Transport Layer Security (TLS) connection with the endpoint device over which the endpoint device registers with the local domain service; and issuing to the endpoint device over the TLS connection a certificate for the local domain service, wherein the receiving from the endpoint device the endpoint device information includes receiving from the endpoint device the certificate for the local domain service (paragraph 0114 and 0119).

Regarding claims 6 and 15, Bjarnason et al. teaches further comprising, at the cloud-based service: establishing the network connection with the endpoint device as an endpoint device-initiated Transport Layer Security (TLS) connection (paragraph 0114).

Regarding claims 7 and 16, Bjarnason et al. teaches further comprising, at the cloud-based service: prior to the creating, receiving trust information to cause the cloud-based service to trust the authorized local domain service to perform actions, including the creating, on the cloud-based service on behalf of the organization (paragraph 0024 and 0107-0108).

Regarding claim 9, Bjarnason et al. teaches further comprising, at the authorized local domain service: prior to the creating, determining whether the account exists in the cloud-based service; and if the account does not exist in the cloud-based service, creating in the cloud-based service the account, and then performing the creating (paragraph 0107).

Regarding claim 10, Bjarnason et al. teaches wherein: the creating includes creating a shared account in the cloud-based service for multiple users or multiple endpoint devices (paragraph 0050).

Regarding claim 17, Bjarnason et al. teaches wherein the authorized local domain service is further configured to: prior to when the authorized local domain service is configured to create the association, determine whether the account exists in the cloud-based service; and if the account does not exist in the cloud-based service, create in the cloud-based service the account, and then perform the create the association between the account and the identity (paragraph 0107).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Bjarnason et al. (U.S. Patent Pub. No. 2013/0318343) in view of Ylonen (U.S. Patent Pub. No. 2015/0222604).

Regarding claim 8, Bjarnason et al. teaches all the limitations of claim 1, above.  However, Bjarnason et al. does not teach wherein: the receiving includes receiving the identity of the endpoint device as a media access control (MAC) address of the endpoint device; and the creating includes creating the association as an association between the account and the MAC address.
Ylonen teaches wherein: the receiving includes receiving the identity of the endpoint device as a media access control (MAC) address of the endpoint device; and the creating includes creating the association as an association between the account and the MAC address (paragraph 0440).
It would have been obvious to one of ordinary skill in the art, at the time the invention was made, to combine using the MAC address to create an association, as taught by Ylonen, with the method of Bjarnason et al.  It would have been obvious for such modifications because the MAC address is a unique identifier of each hardware device.  Having a unique way to identify each device ensures that multiple devices don’t get registered for the same account.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON S HOFFMAN whose telephone number is (571)272-3863.  The examiner can normally be reached on Monday-Friday 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BRANDON S HOFFMAN/Primary Examiner, Art Unit 2433