Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Office Action is in response to the application 16/202,659 filed on 11/28/2018; Claims 1, 18, and 19 are independent claims.  Claims 1-20 have been examined and are pending. This Action is made Non-FINAL.

	Drawings	
The drawings were received on 11/28/2018.  These drawings are reviewed and accepted by the Examiner.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/28/2018 is being considered by the examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-17 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claim 1, claim 1 is rejected under 35 USC 101 because the claims are/is directed to an abstract idea without being integrated into a practical application nor being significantly more.
The claim reciting the limitations “determining a non-readable attestation …;” “determining a readable attestation …;” and “determining an authentication ...” are directed to an abstract idea as the claims recite mental process.   Accordingly, the claim recites an abstract idea.  This judicial exception is not integrated into a practical application.  Therefore, the claim is not integrated into a practical application.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea.  Generic computer components recited as performing generic computer functions that are well understood, routine and conventional activities amount to no more than implementing the abstract idea with a computerized system.  Therefore, the claim is directed to non-statutory subject matter.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform comparison step amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an 
Regarding claims 2-17, claims 2-17 are rejected under 35 USC 101 because the claims are/is directed to an abstract idea without being integrated into a practical application nor being significantly more.
The claims reciting the limitations “determining the authentication ..;” “determining an unknown location of the device …;” “determining the readable element ...” are directed to an abstract idea as the claims recite mental process.   Accordingly, the claim recites an abstract idea.  This judicial exception is not integrated into a practical application.  Therefore, the claims are not integrated into a practical application.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea.   
As mentioned above, although the claims recite additional elements/steps such as “transmitting the non-readable attestation ...,” “adding the readable attestation …,”  “obtaining the readable attestation …,” “transmitting a message ..,” “binding a readable …,” “generating the readable attestation …” , said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field.  Generic computer components recited as performing generic computer functions that are well understood, routine and conventional activities amount to no more than implementing the abstract 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.
Claims 1-4, 6, and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017).
Regarding claim 1, Kekitcheff discloses a method for authenticating trust in an identity of a device, the method comprising: 
determining a non-readable attestation for the device from a non-readable element of the device (Kekitcheff: par. 0004, centrally pre-assign known numbers to devices and bind them to owners at the time of manufacture; par. 0014, The identifier is secure in that it is unaltered after generation, but is not secret in that once generated, the identifier may be shared with other entities beyond the device); 
(Kekitcheff: par. par. 0033, the user device 102 is connected network to the connected device130 via a physical connection, a Bluetooth TM or near-field communication (NFC)); 
Kekicheff does not explicitly disclose determining an authentication for the device based on a comparison of the non-readable attestation and the readable attestation, the authentication being sufficient to indicate trust in an identity of the device.
However, in an analogous art Krahn discloses a security module endorsement, wherein
determining an authentication for the device based on a comparison of the non-readable attestation and the readable attestation, the authentication being sufficient to indicate trust in an identity of the device (Krahn: Col. 6, lines 35-39,  In some implementations, a generalized endorsement credential, which may be a digital certificate for the generalized endorsement key, can be sent as part of the specialized endorsement to certificate authority server 110;  Col. 6, limes 55-65, In some implementations, specialized endorsement credential 148 may be provided to certificate authority server 110 in a request for an attestation identity credential needed by security module 180 (or computing device on which the security module resides).  Certificate authority server 110 may determine whether one or more extended integrity measurements in specialized endorsement 148 are valid.  The validity may be determined by certificate authority server 110 based on a comparison of the extended integrity measurements to one or more valid extended integrity measurements stored at device information database 194).
 (Krahn: Col. 3, lines 5-31).
Regarding claim 2, the combination of Kekicheff and Krahn teaches the method of claim 1.  The combination of Kekicheff and Krahn further teaches performing the comparison at a trust authority operating independently of the device (Kekicheff: fig. 5, par. 0033; Krahn: Col. 6, limes 55-65), the trust authority determining the non-readable attestation through communications with the device (Kekicheff: fig. 5, par. 0033, the user device 102 is connected network to the connected device130 via a physical connection, a Bluetooth TM or near-field communication (NFC); Krahn: Col. 6, limes 55-65, Certificate authority server 110 may determine whether one or more extended integrity measurements in specialized endorsement 148 are valid… ) and  determining the readable attestation through separate communications with another device in proximity to the device (Kekicheff: fig. 5, par. 0033, the user device 102 is connected network to the connected device130 via a physical connection, a Bluetooth TM or near-field communication (NFC); Krahn: Col. 6, limes 55-65, Certificate authority server 110 may determine whether one or more extended integrity measurements in specialized endorsement 148 are valid… ).
Regarding claim 3, the combination of Kekicheff and Krahn teaches the method of claim 2.  Kekicheff further discloses transmitting the non-readable attestation from the trusted authority for storage on the non-readable element (Kekicheff: pars. 0021, 0025, The unalterable memory 118 is used to store the secure identifier 120 that is the basis of trust between the device and the authority 150).
Regarding claim 4, the combination of Kekicheff and Krahn teaches the method of claim 3.  Kekicheff further discloses comprising adding the readable attestation to the readable element in an application process executed independently of the non-readable attestation being transmitted from the trusted authority to the device (Kekicheff: par. 0023, An application service 180, for example, the iTunes Store or Google Play can be used to download the registration application 112 to the device 102).
Regarding claim 6, the combination of Kekicheff and Krahn teaches the method of claim 2.  Kekicheff further discloses comprising the another device wirelessly obtaining the readable attestation from the readable element (Kekicheff:  fig. 5, pars. 0032-0033, connected device 130 providing a user interface for downloading the application 112). 
Regarding claim 18, Kekicheff discloses a non-transitory computer-readable medium having a plurality of instructions executable with a processor of a trusted authority for authenticating trust in an identity of a device, the plurality of instructions being sufficient for: 
(Kekitcheff: par. 0004, centrally pre-assign known numbers to devices and bind them to owners at the time of manufacture; par. 0014, The identifier is secure in that it is unaltered after generation, but is not secret in that once generated, the identifier may be shared with other entities beyond the device; par. 0025, device binding system 190 not only includes the device 102 and the authority 150 but the certificate authority 170 as well.  In such embodiments, the authority 150 also includes cryptographic services 158 and other related information that may include certificates 160  issued by a certificate authority (CA) 170 for verification of the device credentials, when presented.);
 communicating the attestation for use with a readable element and a non-readable element of the device (Kekitcheff: par. 0025, device binding system 190 not only includes the device 102 and the authority 150 but the certificate authority 170 as well.  In such embodiments, the authority 150 also includes cryptographic services 158 and other related information that may include certificates 160 issued by a certificate authority (CA) 170 for verification of the device credentials, when presented; See also par. 0026); 
Kekitcheff further discloses the attestation following receipt from the device and another device in proximity thereto the device and another device in proximity (Kekicheff:  fig. 5, pars. 0032-0033, device 102 and connected device 130; providing a user interface for downloading the application 112) but does not explicitly disclose
“subsequently generating an authentication for the device based on a comparison of the attestation following receipt from the device and another device in proximity thereto, the another device obtaining the attestation from the readable element, the authentication indicating trust in an identity of the device when the comparison indicates the attestations 
However, in an analogous art, Krahn discloses a security module endorsement, wherein
subsequently generating an authentication for the device based on a comparison of the attestation following receipt from the device and another device in proximity thereto (Krahn: Col. 5, lines 9-10, client computing devices 190, Col. 6, lines 35-39,  In some implementations, a generalized endorsement credential, which may be a digital certificate for the generalized endorsement key, can be sent as part of the specialized endorsement to certificate authority server 110;  Col. 6, limes 55-65, In some implementations, specialized endorsement credential 148 may be provided to certificate authority server 110 in a request for an attestation identity credential needed by security module 180 (or computing device on which the security module resides).  Certificate authority server 110 may determine whether one or more extended integrity measurements in specialized endorsement 148 are valid.  The validity may be determined by certificate authority server 110 based on a comparison of the extended integrity measurements to one or more valid extended integrity measurements stored at device information database 194),  the another device obtaining the attestation from the readable element, the authentication indicating trust in an identity of the device when the comparison indicates the attestations received from both the device and the another device matching (Krahn: Col. 5, lines 9-10, client computing devices 190, Col. 7, lines 2-6, Certificate authority server 110 compare the extended integrity measurements to one or more valid extended integrity measurements in valid specialized endorsement credentials stored at the device information database 194. When the one or more extended integrity measurements in the specialized endorsement are valid the certificate authority server 110 may generate and provide attestation identity credential. Receipt of attestation identity credential 144 at security module 180 can validate that the specialized endorsement credential 148 is bound to an authentic security module or that security module 180 is authentic) and  mistrust in the identity of the device when the comparison indicates the attestations received from both the device and the another device failing to match (Krahn: Col. 7, lines 14-19; Otherwise, the requested attestation identity credential 144 may not be provided by the certificate authority server 110 to security module 180 indicating that the specialized endorsement credential 148 is not bound to an authentic security module or that security module 180 may not be authentic).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Krahn with the method and system of Kekitcheff, wherein subsequently generating an authentication for the device based on a comparison of the attestation following receipt from the device and another device in proximity thereto, the another device obtaining the attestation from the readable element, the authentication indicating trust in an identity of the device when the comparison indicates the attestations received from both the device and the another device matching and  mistrust in the identity of the device when the comparison indicates the attestations received from both the device and the another device failing to match to provide users with means for allowing an endorsement authority to provide a generalized endorsement key to a security module, where the security module is associated with a (Krahn: Col. 3, lines 5-31).
Regarding claim 19, Kekicheff teaches an authentication system comprising: 
 a trusted authority for generating an attestation (Kekitcheff: par. 0004, centrally pre-assign known numbers to devices and bind them to owners at the time of manufacture; par. 0014, The identifier is secure in that it is unaltered after generation, but is not secret in that once generated, the identifier may be shared with other entities beyond the device; par. 0025, device binding system 190 not only includes the device 102 and the authority 150 but the certificate authority 170 as well.  In such embodiments, the authority 150 also includes cryptographic services 158 and other related information that may include certificates 160 issued by a certificate authority (CA) 170 for verification of the device credentials, when presented.); 
an unidentified device having the attestation included with a readable element and a non-readable element (Kekitcheff: par. 0025, device binding system 190 not only includes the device 102 and the authority 150 but the certificate authority 170 as well.  In such embodiments, the authority 150 also includes cryptographic services 158 and other related information that may include certificates 160 issued by a certificate authority (CA) 170 for verification of the device credentials, when presented; See also par. 0026; device 102 includes secure identifier 120 in unalterable memory 118 &  certificates); 
(Kekicheff:  fig. 5, pars. 0032-0033, connected device 130; providing a user interface for downloading the application 112); 
Kekicheff does not explicitly disclose wherein the trusted authority generates an authentication for use at the identified device in assessing trust in an identity of the unidentified device based on a comparison of the attestations included on the non-readable element to the attestation read with the identified device from the readable element. 
However, in an analogous art, Krahn discloses a security module endorsement, wherein
wherein the trusted authority generates an authentication for use at the identified device in assessing trust in an identity of the unidentified device based on a comparison of the attestations included on the non-readable element to the attestation read with the identified device from the readable element (Krahn: Col. 7, lines 2-6, 14-19; Certificate authority server 110 compare the extended integrity measurements to one or more valid extended integrity measurements in valid specialized endorsement credentials stored at the device information database 194. When the one or more extended integrity measurements in the specialized endorsement are valid the certificate authority server 110 may generate and provide attestation identity credential. Receipt of attestation identity credential 144 at security module 180 can validate that the specialized endorsement credential 148 is bound to an authentic security module or that security module 180 is authentic).
 (Krahn: Col. 3, lines 5-31).
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Harkins (“Harkins,” US 2014/0247943, published Sep. 4, 2014).
Regarding claim 5, the combination of Kekicheff and Krahn teaches the method of claim 2.  Kekicheff and Krahn do not explicitly disclose comprising the another device optically obtaining the readable attestation from the readable element. 
(Harkins: par. 0037 As further shown in FIG. 2, the configuring device also includes a user interface 250.  The user interface may include any of a variety of different devices for reading machine readable codes, such as a camera or scanner for optically readable codes, such as bar codes and QR codes).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Harkins with the method and system of Kekicheff and Krahn, wherein the another device optically obtaining the readable attestation from the readable element to provide users with means for the Configuring Device ensures that only valid devices are configured and configurable (Harkins: par. 0014).
Claims 7-9 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Kiukkonen et al. (“Kiukkonen,” US 2013/0309971, published Nov. 21, 2013).
Regarding claim 7, the combination of Kekicheff and Krahn teaches the method of claim 2. The combination of Kekicheff and Krahn discloses determining the authentication to be sufficient for provisioning the device when the non-readable attestation matches with the readable attestation (Krahn: Col. 5, lines 9-10, client computing devices 190, Col. 7, lines 2-6, Certificate authority server 110 compare the extended integrity measurements to one or more valid extended integrity measurements in valid specialized endorsement credentials stored at the device information database 194. When the one or more extended integrity measurements in the specialized endorsement are valid the certificate authority server 110 may generate and provide attestation identity credential. Receipt of attestation identity credential 144 at security module 180 can validate that the specialized endorsement credential 148 is bound to an authentic security module or that security module 180 is authentic) and determining the authentication to be insufficient for provisioning the device when the non-readable attestation fails to match with the readable attestation (Krahn: Col. 7, lines 14-19; Otherwise, the requested attestation identity credential 144 may not be provided by the certificate authority server 110 to security module 180 indicating that the specialized endorsement credential 148 is not bound to an authentic security module or that security module 180 may not be authentic) but does not explicitly disclose “determining the authentication to be sufficient for provisioning the device to onboard with an access point when the non-readable attestation matches with the readable attestation;” and  “determining the authentication to be insufficient for provisioning the device to onboard with the access point when the non-readable attestation fails to match with the readable attestation.”
However, in an analogous art, Kiukkonen discloses method, apparatus, and computer program product for controlling network access to guest apparatus based on present hosting apparatus, wherein 
determining the authentication to be sufficient for provisioning the device to onboard with an access point (Kiukkonen: par. 0232, The authentication information, such as a password or key, is passed by the access point AP over the backbone network 37 to the access rights server 35.  The authentication module in the access rights server 35 stores the authentication information, such as a password or key, to compare with credentials to be submitted by the guest device B when it accesses the access point AP.  This will enable guest device B to setup an IEEE 802.11 in-band short-range carrier communication connection with the access point AP according to the IEEE 802.11 in-band short-range carrier communication connection parameters); and 
determining the authentication to be insufficient for provisioning the device to onboard with the access point (Kiukkonen: 0232, The authentication information, such as a password or key, is passed by the access point AP over the backbone network 37 to the access rights server 35.  The authentication module in the access rights server 35 stores the authentication information, such as a password or key, to compare with credentials to be submitted by the guest device B when it accesses the access point AP.  This will enable guest device B to setup an IEEE 802.11 in-band short-range carrier communication connection with the access point AP according to the IEEE 802.11 in-band short-range carrier communication connection parameters).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kiukkonen with the method and system of Kekicheff and Krahn, wherein determining the authentication to be sufficient for provisioning the device to onboard with an access point when the non-readable attestation matches with the readable attestation; and determining the authentication to be insufficient for provisioning the device to onboard with the access point when the non-readable attestation fails to match with the readable attestation to provide users with means for  enables the hosting apparatus to generate unique random numbers so as to improve security of the hosting apparatus.  The method enables making  (Kiukkonen: abstract; par. 0233).
Regarding claim 8, the combination of Kekicheff, Krahn, and Kiukkonen teaches the method of claim 7.  The combination of Kekicheff, Krahn, and Kiukkonen further discloses transmitting a message from the trust authority to the another device for indicating whether the authentication is sufficient or insufficient for provisioning the device to onboard with the access point (Kekicheff: fig. 5, par. 0033; Krahn: Col. 5, lines 9-10, client computing devices 190, Col. 7, lines 2-6, 14-19, Certificate authority server 110 compare the extended integrity measurements to one or more valid extended integrity measurements in valid specialized endorsement credentials stored at the device information database 194. When the one or more extended integrity measurements in the specialized endorsement are valid the certificate authority server 110 may generate and provide attestation identity credential. Receipt of attestation identity credential 144 at security module 180 can validate that the specialized endorsement credential 148 is bound to an authentic security module or that security module 180 is authentic ...; Kiukkonen: par. 0232).
Regarding claim 9, the combination of Kekicheff, Krahn, and Kiukkonen teaches the method of claim 8.  The combination of Kekicheff, Krahn, and Kiukkonen further teaches further comprising executing a provisioning process for the device when the authentication is sufficient, the provisioning process including the device and the another device and/or the access point exchanging information needed to onboard the device with the access point (Kekicheff:  fig. 5, pars. 0032-0033, device 102 and connected device 130; providing a user interface for downloading the application 112; Krahn: Col. 5, lines 9-10, client computing devices 190, Col. 7, lines 2-6, 14-19; Kiukkonen: par. 0232). 
Regarding claim 20, the combination of Kekicheff and Krahn teaches the system of claim 19.  Krahn discloses the authentication indicating trust in the identity of the unidentified device as recited above but does not explicitly disclose “wherein the identified device executes a provisioning process for automatically onboarding the unidentified device to an access point in response to the authentication indicating trust in the identity of the unidentified device.”
However, in an analogous art, Kiukkonen discloses method, apparatus, and computer program product for controlling network access to guest apparatus based on present hosting apparatus, wherein 
the identified device executes a provisioning process for automatically onboarding the unidentified device to an access point in response to the authentication indicating trust in the identity of the unidentified device (Kiukkonen: par. 0232  The authentication information, such as a password or key, is passed by the access point AP over the backbone network 37 to the access rights server 35.  The authentication module in the access rights server 35 stores the authentication information, such as a password or key, to compare with credentials to be submitted by the guest device B when it accesses the access point AP.  This will enable guest device B to setup an IEEE 802.11 in-band short-range carrier communication connection with the access point AP according to the IEEE 802.11 in-band short-range carrier communication connection parameters).
 (Kiukkonen: abstract; par. 0233).
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), and further in view of Kiukkonen et al. (“Kiukkonen,” US 2013/0309971, published Nov. 21, 2013), and Rattner et al. (“Rattner,” US 2015/0317467, published Nov. 5, 2015).
Regarding claim 10, the combination of Kekicheff, Krahn, and Kiukkonen teaches the method of claim 9.  Kekicheff, krahn, and Kiukkonen do not explicitly disclose comprising the provisioning process including a manual verification and an automated onboarding, the manual verification occurring as a function of a user input to the another device verifying the access point for onboarding, the automated onboarding occurring with the another device providing parameters to the device needed for automatically onboarding with the access point without corresponding user input of the parameters to the device. 
(Rattner: par. 0029, For example, a keypad or touchscreen on administrative entity device 130 may be used to manually input a text entry corresponding to the ID (e.g., an alphanumeric code labeled on onboardable device 110, and/or included in a packaging of onboardable device 110)) and an automated onboarding (Rattner: pars. 0029-0030), the manual verification occurring as a function of a user input to the another device verifying the access point for onboarding (Rattner: par. 0029, For example, a keypad or touchscreen on administrative entity device 130 may be used to manually input a text entry corresponding to the ID (e.g., an alphanumeric code labeled on onboardable device 110, and/or included in a packaging of onboardable device 110), the automated onboarding occurring with the another device providing parameters to the device needed for automatically onboarding with the access point without corresponding user input of the parameters to the device (Rattner: pars. 0029-0030, Once obtained, administrative entity device 130 then sends the ID (or data including the ID) to an AP component of enhanced router 120 which then internally routs the ID to a Wi-Fi modem component of enhanced router 120.  Enhanced router 120 subsequently connects to onboardable device 110 via the modem component of enhanced router 120, and transmits the ID along with Wi-Fi credentials to onboardable device 110.  Onboardable device 110 then determines whether the received ID matches an internally stored ID, wherein access to the personal network is granted only if the received ID matches the internally stored ID). 
 (Rattner: abstract,  pars. 0005, 0025, 0031).
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) ) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Kiukkonen et al. (“Kiukkonen,” US 2013/0309971, published Nov. 21, 2013), and Won (“Won,” US 8,488,493, published Jul. 16, 2013).
Regarding claim 11, the combination of Kekicheff, Krahn, and Kiukkonen the method of claim 7.  Kekicheff, Krahn, and Kiukkonen do not explicitly disclose further comprising selecting the access point from one more access points associated with the 
However, in an analogous art, Won discloses apparatus and method for automatic access in a wireless communication system, wherein selecting the access point from one more access points associated with the another (Won: Col. 3, lines 63 to Col. 4, lines 23; configurator configured to, when there are two or more detected APs, transmit a message including a Medium Access Control (MAC) address of an AP, which has been selected among the detected APs by an input of a user, to the selected AP and for performing a WPS with the selected AP, thereby accessing a wireless Local Area Network (LAN)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Won with the method and system of Kekicheff, Krahn, and Kiukkonen, wherein selecting the access point from one more access points associated with the another device, the another device having been previously onboarded with or delegated configurator status for the one or more access points to provide users with means for providing a User Equipment (UE) that can automatically connect with an Access Point (AP) without a separate process or special knowledge when a user of the UE wants to use a wireless Local Area Network (LAN) (Won: Col. 1, lines 41-43).
Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Zhang et al. (“Zhang.
Regarding claim 12, the combination of Kekitcheff and Krahn discloses the method of claim 1.  The combination of Kekitcheff and Krahn further teaches determining the authentication to be sufficient for provisioning the device when the non-readable element matches with the readable element (Krahn: Col. 5, lines 9-10, client computing devices 190, Col. 7, lines 2-6, Certificate authority server 110 compare the extended integrity measurements to one or more valid extended integrity measurements in valid specialized endorsement credentials stored at the device information database 194. When the one or more extended integrity measurements in the specialized endorsement are valid the certificate authority server 110 may generate and provide attestation identity credential 144 to security module 180. Receipt of attestation identity credential 144 at security module 180 can validate that the specialized endorsement credential 148 is bound to an authentic security module or that security module 180 is authentic; and determining the authentication to be insufficient for provisioning the device when the non-readable element fails to match with the readable element (Krahn: Col. 7, lines 14-19; Otherwise, the requested attestation identity credential 144 may not be provided by the certificate authority server 110 to security module 180 indicating that the specialized endorsement credential 148 is not bound to an authentic security module or that security module 180 may not be authentic) but does not explicitly disclose “determining an unknown location of the device to coincide with a known location of the another device when the non-readable element matches with the readable element;” and “determining the unknown location of the device failing to coincide with the known location of the another device when the non-readable element fails to match with the readable element.”
(Zhang: par. 0002, A wireless communication device can use various position estimation techniques to determine an unknown location of the wireless communication device based on communicating with a plurality of reference wireless communication devices with known locations).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Zhang with the method and system of Kekicheff and Krahn, wherein “determining an unknown location of the device to coincide with a known location of the another device when the non-readable element matches with the readable element;” and “determining the unknown location of the device failing to coincide with the known location of the another device when the non-readable element fails to match with the readable element.” to provide users with means for set of positioning computations determines a more accurate estimate of one or more positions of the wireless network device, minimizes the position estimation error, increases positioning accuracy and improves performance gain.  Thus improves the overall performance of the wireless network device.  The hybrid positioning mechanism can be implemented to improve location estimation of the wireless network device when reference network devices can have different distance calibration constants (Zhang: abstract, pars. 0003, 0014).

Claims 13-16 are rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US Thom,” US 2016/0226657, published Aug. 4, 2016).
Regarding claim 13, the combination of Kekitcheff and Krahn teaches the method of claim 1.  The combination of Kekitcheff and Krahn further discloses
 determining the authentication to be sufficient for provisioning the device when the non-readable attestation matches with the readable attestation (Krahn: Col. 5, lines 9-10, client computing devices 190, Col. 7, lines 2-6, Certificate authority server 110 compare the extended integrity measurements to one or more valid extended integrity measurements in valid specialized endorsement credentials stored at the device information database 194. When the one or more extended integrity measurements in the specialized endorsement are valid the certificate authority server 110 may generate and provide attestation identity credential. Receipt of attestation identity credential 144 at security module 180 can validate that the specialized endorsement credential 148 is bound to an authentic security module or that security module 180 is authentic); and 
determining the authentication to be insufficient for provisioning the device
when the non-readable attestation fails to match with the readable attestation (Krahn: Col. 7, lines 14-19; Otherwise, the requested attestation identity credential 144 may not be provided by the certificate authority server 110 to security module 180 indicating that the specialized endorsement credential 148 is not bound to an authentic security module or that security module 180 may not be authentic) but does not explicitly disclose “determining the readable element being unaltered since a time of association with the non-readable element when the non-readable attestation matches with the readable attestation;” and “determining the readable element being altered since the time of 
However, in an analogous art, Thom discloses portable security device, wherein 
determining the readable element being unaltered since a time of association with the non-readable element (Thom: par. 0072, third party verifier that can decrypt the AIK 326 and verify that the particular software program is unaltered and not malicious to the engaged device 104…); and 
determining the readable element being altered since the time of association with the non-readable element (Thom: par. 0072, … If the particular software program is altered, and potentially malicious).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Thom with the method and system of Kekicheff and Krahn, wherein “determining the readable element being unaltered since a time of association with the non-readable element when the non-readable attestation matches with the readable attestation;” and “determining the readable element being altered since the time of association with the non-readable element when the non-readable attestation fails to match with the readable attestation.” to provide users with means for the device utilizes a dictionary attack prevent mechanism to protect against guessing or automated dictionary attacks while allowing a user to input correct password at sufficient and reasonable number of tries as previous activation of the portable security device exceeds predetermined threshold indicating that the portable security device is not used (Thom: pars. 0003, 0020)
Regarding claim 14, the combination of Kekitcheff, Krahn, and Thom teaches method of claim 13. Kekitcheff further discloses binding the readable attestation and the non-readable attestation to the device prior to deployment of the device such that the time of association occurs prior to deployment (Kekitcheff: par. 0004, centrally pre-assign known numbers to devices and bind them to owners at the time of manufacture;  par. 0014, The identifier is secure in that it is unaltered after generation, but is not secret in that once generated, the identifier may be shared with other entities beyond the device). 
Regarding claim 15, the combination of Kekitcheff, Krahn, and Thom teaches the method of claim 13.  Kekitcheff further discloses binding the readable attestation and the non-readable attestation to the device after deployment of the device such that the time of association occurs after deployment (Kekitcheff: par. 0004, centrally pre-assign known numbers to devices and bind them to owners at the time of manufacture;  par. 0014, The identifier is secure in that it is unaltered after generation, but is not secret in that once generated, the identifier may be shared with other entities beyond the device). 
Regarding claim 16, the combination of Kekitcheff, Krahn, and Thom teaches method claim 13. Kekitcheff further discloses generating the readable attestation and the non-readable attestation as a number or a series of bits (Kekitcheff: par. 0004, centrally pre-assign known numbers to devices and bind them to owners at the time of manufacture; par. 0014, The identifier is secure in that it is unaltered after generation, but is not secret in that once generated, the identifier may be shared with other entities beyond the device).
Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US Thom,” US 2016/0226657, published Aug. 4, 2016), and WiFi Alliance (“WiFi Alliance,” Draft Wi-Fi Device Provisioning Protocol (DPP) Technical Specification, Version 0.0.23, 2016, pages 1-89).
Regarding claim 17, the combination of Kekitcheff, Krahn, and Thom teaches the method of claim 13.  Kekitcheff does not explicitly generating the readable element to include a public key and/or a plurality of attributes associated with the device.
However, in an analogous art, WiFI Alliance discloses a Draft Wi-Fi Device Provisioning Protocol (DPP) Technical Specification, wherein generating the readable element to include a public key and/or a plurality of attributes associated with the device (WiFi Alliance: page 12, 1.2 Scope;  This specification addresses the requirements outline in the Wi-Fi DPP Specification Requirement Document (SRD) [2]. Details are provided for the solution requirement areas identified in the DPP MRD that include: 1. Supporting public key based identities for all devices).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of WiFi Alliance with the method and system of Kekitcheff, Krahn, and Thom, wherein generating the readable element to include a public key and/or a plurality of attributes associated with the device to provide users with means for identifying and authenticate all device (WiFi Alliance: page 16).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Canh Le whose telephone number is 571-270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Canh Le/
Examiner, Art Unit 2439
March 10th, 2021


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439