RESPONSE TO AMENDMENT
This communication is responsive to the amendment filed 25-November-2020 with respect to application 16/5-6,655 filed 9-July-2019.  
Applicant has amended claims 13 and 16, and has cancelled claims 30 and 31.
Claims 13-29 are currently pending.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Claim Rejections - 35 USC §103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 13, 21, 23, 25 and 26 are rejected under 35 USC §103(a) as unpatentable over Mahaffey et al. (United States Patent Application Publication # US 2015/0163121 A1), hereinafter Mahaffey, in view of Sharaga et al. (United States Patent Application Publication # US 2016/0182499 A1), hereinafter Sharaga.
Consider claim 13:  A method for managing operational data associated with connected devices performed by a trusted analytics service system comprising a processor and a non-transitory computer-readable medium storing instructions that, when executed by the processor, cause the trusted analytics service system to perform the method, Mahaffey discloses the monitoring of and anomaly 
detection for multiple distributed devices [Title; Abstract; Fig. 1; 4; Para. 0006-0008], the method performed by program instructions stored in computer readable memory and performed by a processor within a trusted module or environment [Fig. 1,7; Para. 0036-0038, 0048-0049],  the method comprising:
receiving, from a first trusted component executing on a first connected device, first operational data associated with the first connected device, a process in which (first) data is collected from each of a plurality of client/computer devices, the device monitoring by an application or by operating system module and which may take place in a secure mode such as from an exemplary ARM/TrustZone (step 1020)  [Fig. 7, 10; Para. 0009-0010, 0109, 0230-0231]; the first operational data being encrypted and generated in accordance with at least a first policy enforced by the first trusted component; the first data in response to first policies distributed to a plurality of devices (step 1010-1015) wherein a plurality of policies may be stored and managed according to a policy server component (750/755) of a central server system (738) and stored and implemented in each computing device (705) by a device policy manager (715/730) of each device [Fig. 10; Para. 00230-0231], the (first) observations (735) stored in the computing device, and collected in 
decrypting the first operational data using a key associated with the first trusted component to generate first decrypted operational data;
receiving, from a second trusted component executing on a second connected device, second operational data associated with the second connected device, the second operational data being encrypted and generated in accordance with at least a second policy enforced by the second trusted component, the second policy being different, at least in part, from the first policy; and that if observation data for one or more particular devices (second devices), a second different policy may be distributed to those devices and second different observational data is returned [Fig. 10; Para. 0232-0233], and in the alternative embodiment, a second subgroup of devices monitors for a second (different, according to a different policy) set of events [Fig. 11 (step 1115); Para. 0234-0235];
decrypting the second operational data using a key associated with the second trusted component to generate second decrypted operational data;
generating, using an analytics engine of the trusted analytics service system, an operational data analytics message based, at least in part, on a comparison between at least part of the first decrypted operational data and a model generated using at least part of the second decrypted operational data; and
transmitting the operational data analytics message to a user system; wherein the notification may be communicated by e-mail or SMS (i.e. transmitted) [Para. 0006].
Mahaffey discloses that monitoring on a particular (first or second) device can take place from a secure mode such as ARM TrustZone, and that personally identifiable information (PII) collected may be protected [Para. 0109] but does not specifically disclose that communicated operational data is encrypted. Encryption of data communicated between trusted devices was well known, however, and for example:
Sharaga discloses systems and methods for trust establishment between a trusted execution environment and peripheral devices (for example between a trusted device and a server [Title; Abstract; Fig. 1-3; Para. 0013-0014] and in 
Therefore it would have been obvious to one of ordinary skill in the art at the time of effective filing for the invention for two devices operating in a trusted mode to exchange data using encryption based on a particular transport key generated for the particular communication between the trusted device pair as taught by Sharaga, and applied to a method for monitoring of and anomaly detection of multiple distributed devices as taught by Mahaffey where the operational data communicated from each individual monitored device (an therefore first and second devices) is individually and uniquely encrypted and decrypted in order that the messages be secure.
Consider claim 21 and as applied to claim 13:  The method of claim 13, wherein the first operational data comprises at least one of device sensor data, device command information, duty cycle information, and device set point information. Mahaffey discloses that a client device (both first and second devices, which may be the same type of device) may comprise sensors, and that collected device data may include sensor data [Fig. 6; Table 1; Para. 0081-0083, 0087-0088].
Consider claim 23 and as applied to claim 13:  The method of claim 13, wherein the second operational data comprises at least one of device sensor data, device command information, duty cycle information, and device set point information. Mahaffey discloses that a client device (both first and second devices, which may be the same type of device) may comprise sensors, and that collected device data may include sensor data [Fig. 6; Table 1; Para. 0081-0083, 0087-0088].
Consider claim 25 and as applied to claim 13:  The method of claim 13, wherein the first connected device comprises at least one of a security system, a vehicle infotainment system, a streaming media device, a gaming device, an entertainment system, a networked lock, a connected thermostat, a connected furnace, a connected air conditioning system, an irrigation system, a water control system, a pump system, a utility meter, a network gateway, an activity sensor, a home alarm, security systems, vehicle infotainment systems, streaming media devices, gaming devices, a connected appliance, a connected vehicle, a mobile communication device, a wind turbine system, a solar panel system, and an industrial manufacturing system. Mahaffey discloses that client devices (both first and second devices) are networked computer devices, and particularly that these may include various mobile communication devices such as a smartphone [Para. 0041, 0043].
Consider claim 26 and as applied to claim 13:  The method of claim 13, wherein the second connected device comprises at least one of a security system, a vehicle infotainment system, a streaming media device, a gaming device, an entertainment system, a networked lock, a connected thermostat, a connected furnace, a connected air conditioning system, an irrigation system, a water control system, a pump system, a utility meter, a network gateway, an activity sensor, a home alarm, security systems, vehicle infotainment systems, streaming media devices, gaming devices, a connected appliance, a connected vehicle, a mobile communication device, a wind turbine system, a solar panel system, and an industrial manufacturing system. Mahaffey discloses that client devices (both first and second devices) are networked computer devices, and particularly that these may include various mobile communication devices such as a smartphone [Para. 0041, 0043].

Claims 14-20 are rejected under 35 USC §103 as unpatentable over Mahaffey et al. (United States Patent Application Publication # US 2015/0163121 A1), hereinafter Mahaffey, and Sharaga et al. (United States Patent Application Publication # US 2016/0182499 A1), hereinafter Sharaga, in view of Rayburn et al. (United States Patent Application Publication # US 2005/0188076 A1), hereinafter Rayburn.
Consider claim 14 and as applied to claim 13:  The method of claim 13, wherein the method further comprises receiving, from the user system, a request to generate the operational data analytics message based, at least in part, on the first operational data and the second operational data.
Mahaffey discloses generation and transmission of a message by e-mail or SMS based on anomalous operational data [Para. 0008, 0103] but discloses this as a response to an anomalous determination (a “push” notification), rather than 
Rayburn discloses an implementation of an IM (instant message) system for gathering and dispersing operational data for a building management system in a secure manner [Title; Abstract; Fig. 1; Para. 0001, 0008-0011] and specifically that a router gathers and packages operational data from a plurality of sources (steps 200, 205, 210, 220) and based on a remote user log-on (step 240), an IM server routes the packaged data to the remote user (step 260) [Fig. 2; Para. 0032]; furthermore, embodiments allow specific user requests of the particular data items to be gathered (steps 300-370, particularly 300, 310) [Fig. 3; Para. 0033-0034].
Therefore it would have been obvious to one of ordinary skill in the art at the time of effective filing for the invention to allow a user to request operational information in a “pull” notification, as well as receive automatic alerts as “push” notifications [Rayburn: Para. 0034] as taught by Rayburn and applied to a method for monitoring of and anomaly detection of multiple distributed devices as taught by Mahaffey and as modified by Sharaga, thereby allowing a user to obtain a notification if a problem occurs, but also monitor operational parameters of his choosing, at a time of his choosing at a remote location.
Consider claim 15 and as applied to claim 14:  The method of claim 14, wherein the operational data analytics message is generated in response to receiving the request. Rayburn discloses generation of a pull message based on a specific supra).
Consider claim 16 and as applied to claim 14:  The method of claim 14, wherein the request to generate the operational data analytics message is generated by a personal agent application executing on the user system.  Rayburn discloses the use of an IM (instant message) application (personal agent application) for opening, checking and displaying (generating) the operational data for a user to view (steps 270, 280, 290, 295) [Fig. 2; Para. 0032] (see also the analysis for claim 14 supra).
Consider claim 17 and as applied to claim 13:  The method of claim 13, wherein generating the operational data analytics message further comprises enforcing a third policy in connection with generating the operational data analytics message.
Mahaffey discloses the use of polices in the collection of and analysis of operational data within a system, and that policies may be generated, stored and/or enforced by the system server, client device or both [Para. 0103-0108 (particularly 0106-0108)], but does not disclose a specific policy with respect to generation and communication of messages relating to operational information or analytics. Specific polices in this regard are known in the art, and for example:
Rayburn discloses an implementation of an IM (instant message) system for gathering and dispersing operational data for a building management system in a secure manner [Title; Abstract; Fig. 1; Para. 0001, 0008-0011] and particularly policies relating to user authorization for a client device to make 
Therefore it would have been obvious to one of ordinary skill in the art at the time of effective filing for the invention to provide a policy requiring potential users to be registered and authorized in order to request or receive system analytic or operational messages as taught by Rayburn and applied to a method for monitoring of and anomaly detection of multiple distributed devices as taught by Mahaffey and as modified by Sharaga, in order that only necessary and appropriate users have access to system information.
Consider claim 18 and as applied to claim 17:  The method of claim 17, wherein the method further comprises receiving policy information associated with the third policy from the user system. This claim is rejected based on the same references, citations and analysis as for claim 17 and as applied to claim 13, and wherein Rayburn teaches that a server receives an ID and password (policy related information) from a client attempting to request or access system analytic data [Rayburn: Para. 0036] (see also the analysis for claim 17).
Consider claim 19 and as applied to claim 17:  The method of claim 17, wherein the method further comprises receiving policy information associated with the third policy from a personal agent application executing on a device associated with an individual having control of at least one of the first connected device and the second connected device. This claim is rejected based on the same references, citations and analysis as for claims 17 and 18, and as applied to claim 13, and wherein Rayburn teaches that a server receives an ID and password (policy related information) the ID and password associated with an instant messaging (IM) application (personal agent application), such as Jabber, located on the user client device [Rayburn: Para. 0020-0021, 0029] (see also the analysis for claim 17).
Consider claim 20 and as applied to claim 19:  The method of claim 19, wherein the user system comprises the device. Wherein Rayburn discloses IM application software applications installed on both gateway (server side) and client devices, and the user system or device may be a computer, laptop, PDA or equivalent [Para. 0023-0029].

Claims 22, 24 and 27-29 are rejected under 35 USC §103 as unpatentable over Mahaffey et al. (United States Patent Application Publication # US 2015/0163121 A1), hereinafter Mahaffey, and Sharaga et al. (United States Patent Application Publication # US 2016/0182499 A1), hereinafter Sharaga, in view of Sinha et al. (United States Patent Application Publication # US 2017/0284691 A1), hereinafter Sinha.
Consider claim 22 and as applied to claim 21:  The method of claim 21, wherein the first operational data comprises device sensor data, the device sensor data comprising at least one of data provided by an internal temperature sensor, an external temperature sensor, a humidity sensor, a current sensor, a voltage sensor, a fluid level sensor, an atmospheric sensor, and an environmental sensor.
Mahaffey discloses that a client device (both first and second devices, which may be the same type of device) may comprise sensors, and that collected device data may include sensor data [Fig. 6; Table 1; Para. 0081-0083, 0087-0088], and suggests, but does not specifically discloses a temperature, humidity, current, voltage, atmospheric or environmental sensor.
Sinha, however, discloses secure device registration and operation in a distributed building management system in which operational data is collected from a plurality of building devices and systems, analyzed and distributed [Title; Abstract; FIG. 4-6, 11; Para. 0025, 0046-0047], and particularly that operational data is collected from sensors (1120) of smart connected devices (1102) and that the sensors include at least temperature sensors [Fig. 11; Para. 0029, 0050, 0087, 0154-0155].
Therefore it would have been obvious to one of ordinary skill in the art at the time of effective filing for the invention to collect temperature data from temperature sensors associated with building systems for use in analysis of collected system operational data as taught by Sinha and applied to a method for monitoring of and anomaly detection of multiple distributed devices as taught by Mahaffey and as modified by Sharaga, where temperature is centrally important parameter for many building systems (HVAC equipment for example)..
Consider claim 24 and as applied to claim 23:  The method of claim 23, wherein the second operational data comprises device sensor data, the device sensor data comprising at least one of data provided by an internal temperature sensor, an external temperature sensor, a humidity sensor, a current sensor, a voltage sensor, a fluid level sensor, an atmospheric sensor, and an environmental sensor. Claim 24 is rejected on the same grounds, references, citations and analysis as for claim 22 previously, and as applied to claim 13 and 23.
Consider claim 27 and as applied to claim 13:  The method of claim 13, wherein the method further comprises receiving data from a data service provider.
Mahar does not specifically disclose that data or information is received from an external data service provider.
Sinha, however, discloses secure device registration and operation in a distributed building management system in which operational data is collected from a plurality of building devices and systems, analyzed and distributed [Title; Abstract; FIG. 4-6, 11; Para. 0025, 0046-0047], and particularly that data and information may also be received from external data services, particularly including those for weather data [Fig. 14; Para. 0055, 0121, 0144-0146].
Therefore it would have been obvious to one of ordinary skill in the art at the time of effective filing for the invention to collect data from external data service providers, and in particular weather information for use in analysis of collected system operational data as taught by Sinha and applied to a method for monitoring of and anomaly detection of multiple distributed devices as taught 
Consider claim 28 and as applied to claim 27:  The method of claim 27, wherein the generating the operational data analytics message is further based on the data received from the data service provider. Claim 28 is rejected based on the same references, citations and analysis as for claim 27 previously, and particularly where provision of information from external sources (and particularly weather information) along with operational information to a user provides context and extra information for better [user] decision making [Para. 0055].
Consider claim 29 and as applied to claim 28:  The method of claim 28, wherein the data received from the data service provider comprises weather data. Claim 29 is rejected based on the same references, citations and analysis as for claims 27 and 28 previously.

Allowable Subject Matter
The following claim 13 drafted by the Examiner, incorporating subject matter from claims 14, 27 and 28, and considered to distinguish patentably over the art of record in this application, is presented to applicant for consideration: 
Proposed claim 13:  A method for managing operational data associated with connected devices performed by a trusted analytics service system comprising a processor and a non-transitory computer-readable medium storing instructions that, when executed by the processor, cause the trusted analytics service system to perform the method, the method comprising:
receiving, from a first trusted component executing on a first connected device, first operational data associated with the first connected device, the first operational data being encrypted and generated in accordance with at least a first policy enforced by the first trusted component;
decrypting the first operational data using a key associated with the first trusted component to generate first decrypted operational data;
receiving, from a second trusted component executing on a second connected device, second operational data associated with the second connected device, the second operational data being encrypted and generated in accordance with at least a second policy enforced by the second trusted component, the second policy being different, at least in part, from the first policy; 
decrypting the second operational data using a key associated with the second trusted component to generate second decrypted operational data;
receiving data from a data service provider; 
receiving, from a user system, a request to generate an operational data analytics message based, at least in part, on the first decrypted operational data, the second decrypted operational data and the data from the service provider;
generating, using an analytics engine of the trusted analytics service system, an operational data analytics message based, at least in part, on a comparison between at least part of the first decrypted operational data and a model generated using at least part of the second decrypted operational data; and
transmitting the operational data analytics message to [[a]] the user system.

Response to Arguments
Applicant’s arguments filed on 25-November-2021 have been carefully and fully considered by the Examiner, and responses are provided as follow:
Consider Applicant’s remarks with respect to objection made to the title of the disclosure as insufficiently descriptive [Remarks: page 9-10]:  Applicant’s amendment of the title obviates this objection, which has been withdrawn.
Consider Applicant’s remarks with respect to the rejection of claim 16 under 35 USC §112(b) as indefinite [Remarks: page 9]:  Applicant’s amendment of the claims obviates this rejection, which has been withdrawn.
Consider Applicant’s remarks with respect to the rejection of claims 13, 21, 23, 25 and 26 under 35 USC §102 as anticipated by Mahaffey (US 2015/0163121 A1) [Remarks: page 9-12]: 
Regarding independent claim 13: Applicant’s arguments are, in brief that Mahaffey fails to teach each and every limitation of claim 13 as amended, and in particular, that operational data (both first and second) is encrypted prior to transmission, 
This argument is moot, claim 13 is now rejected under 35 USC §103 as unpatentable over Mahaffey and Sharaga (US 2016/0182499 A1), the new rejection of the claim, and where Sharaga teaches encryption) and decryption) of messages between devices in a trusted environment, using a transport key, unique to the two devices (specifically associated with a particular trusted component).  Applicant has also argued (with respect to cancelled claims 30-31 [Remarks: page 14-15]) that Sharaga fails to teach the use of a key associated with the first (or second) trusted component. This argument is not persuasive. Sharaga clearly teaches that a pairwise master key (PMK) may be generated specifically between a server and device and stored on both devices [Para. 0020] hence, specific and unique for the particular trusted device, and that a transport key for encrypting and decrypting communication between the devices, may be derived from the PMK, therefore also specific to the device [Para. 0053, 0058, 0060, 0068-0069].  Applicant’s additional argument, that Sharaga does not teach a “trusted analytics service system” or specific “operational data” is mere piecemeal analysis, these features are taught by Mahaffey.
Applicant’s additional amended features, a message is based on a comparison of first operational data in comparison with a model generated 
Regarding dependent claims 21, 23, 25 and 26:  Applicant has not provided additional or specific arguments with respect to these claims, and asserts allowability based on the alleged allowability of base claim 13.  These claims are now also rejected under 35 USC §103 over Mahaffey and Sharaga, based in the new rejection of the base claim, and on the particular citations and analysis applied to each in this Office action.
Consider Applicant’s remarks with respect to the rejection of claims 14-20 under 35 USC §103 as unpatentable over Mahaffey and Rayburn (US 2005/0188076 A1) [Remarks: page 12-13]: Applicant’s argument with respect to these claims, asserts in summary, that Rayburn also fails to teach or suggest the amended limitations, and which are alleged not to be taught by Mahaffey.  No additional or specific arguments have been made with respect to these claims.  These claims are now rejected under 35 USC §103 over Mahaffey, Sharaga and Rayburn, the new rejections based on the new rejection of base claim 13 and on the particular citations and analysis presented for each in this Office action.
Consider Applicant’s remarks with respect to the rejection of claims 22, 24 and 27-29 under 35 USC §103 as unpatentable over Mahaffey and Sinha (US 2017/0284691 A1) [Remarks: page 13-14]: Applicant’s argument with respect to 
Consider applicant’s remarks with respect to cancelled claims 30-31 [Remarks: page 14-15]: Remarks with respect to these claims are moot, the claims have been cancelled by the Applicant.  Discussion relating to the substance of these claims, and the reference Sharaga, have been previously addressed with respect to claim 13.

Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure.
Jha et al. (U.S. Patent Application Publication # US 2013/0247194 A1) disclosing securing of medical devices through wireless monitoring and anomaly detection.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the Examiner should be directed to STEPHEN R BURGDORF whose telephone number is (571)270-7328.  The Examiner can normally be reached on Monday and Friday at 11:00 AM to 8:00 PM EST/EDT.
If attempts to reach the Examiner by telephone are unsuccessful
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866)217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800)786-9199 (IN USA OR CANADA) or (571)272-1000.

/STEPHEN R BURGDORF/  Examiner, Art Unit 2684