DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the amendment filed on 10/5/2020.
Claims 1, 6 and 11-12 have been amended.
Claims 1-15 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Should applicant desire to obtain the benefit of foreign priority under 35 U.S.C. 119(a)-(d) prior to declaration of an interference, a certified English translation of the foreign application must be submitted in reply to this action.  37 CFR 41.154(b) and 41.202(e).
Failure to provide a certified translation may result in no benefit being accorded for the non-English application.


Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/3/2020 has been entered.

Response to Arguments
Applicant's arguments filed on 10/5/2020 have been fully considered but they are not persuasive. 
Applicant argues on pages 8-9 of the Remarks that Loladia does not teach a third-party identifier returned to the client by a third-party server before the smart device server receives the third-party login request sent from the client.
In response to the above argument, Examiner respectfully disagrees with the Applicant’s arguments.  Loladia does teach the third-party identifier returned to the client by a third-party server before the smart device server receives the third-party login request sent from the client (Loladia: see figure 5 below; and column 10 lines 1-41, The companion app 505 may provide the credentials to a third-party login service to obtain an access credential to present to the identify service 510. At 523, the companion app 505 authenticates itself to an identity service 510 with the access credential returned by the third-party login service. Provided the access credential from the third-party login service is authenticated, the identity service 510 may return a service managed identifier (client ID) recognized by the IoT service 520 (at 525). The client ID may generally identify a given user in scope to all IoT devices paired with the IoT service 520 
    PNG
    media_image1.png
    815
    1091
    media_image1.png
    Greyscale


Examiner broadly interprets the client identifier which is returned from the identity service to the user mobile device’s companion app as the third-party identifier, the identity service as the third-party server and the user mobile device as the client.  As can be seen in Fig. 5, the client ID is returned to the user mobile device from the identity service before the IoT service receives a request from the user mobile device.  Therefore, Loladia does teach the disputed limitation.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1-15 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Loladia et al. (US 10382203) (hereinafter Loladia).

Regarding claim 1, Loladia discloses a method for controlling a smart device, comprising: receiving, by a smart device server, a third-party login request from a client, wherein the third-party login request comprises a third-party identifier (Loladia: see figure 5 below; and column 10 lines 1-41, “Once a pairing session is active, at 533, the companion app 505 sends the client ID received from the identity service 510 to the IoT device 515 over the communication link established for the pairing session. At 535, the IoT device 515 generates a token request message to send to the IoT service 515 over a second communication link (e.g., using an MQTT or HTTP message sent over a wireless network connection). In one embodiment, the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device 515.”, {Examiner notes the request token is received by the IoT service from the user mobile device’s companion app}), 

    PNG
    media_image1.png
    815
    1091
    media_image1.png
    Greyscale
the third-party identifier being a successfully verified third-party identifier returned to the client by a third-party server before the smart device server receives the third-party login request sent from the client (Loladia: see figure 5 below; and column 10 lines 1-41, The companion app 505 may provide the credentials to a third-party login service to obtain an access credential to present to the identify service 510. At 523, the companion app 505 authenticates itself to an identity service 510 with the access credential returned by the third-party login service. Provided the access credential from the third-party login service is authenticated, the identity service 510 may return a service managed identifier (client ID) recognized by the IoT service 520 (at 525). The client ID may generally identify a given user in scope to all IoT devices paired with the IoT service 520 under that user identity); obtaining, by a smart device server, a proprietary account bound with the third-party identifier, and sending the proprietary account to the client (Loladia: column 10 lines 42-54, “The IoT service 520 may generate a token which includes the device ID and client ID received from the IoT device 515. The token may also include a timestamp indicating when the token was first generated and an authorization code specifying an access or use policy to associate with the IoT device and the client ID. In addition, the IoT service 520 may encrypt the token using a key or key material known only to the IoT service 520. At 537, the IoT service 520 sends the encrypted token to the IoT device 515 over the second communication link. At 539, the IoT device 515 sends a copy of the encrypted token and the device ID to the companion app 505 over the first communication link, e.g., over the previously established BLE session”); and sending, by a smart device server, a control instruction to the smart device according to the proprietary account in response to a request carrying the proprietary account for controlling the smart device sent by the client (Loladia: column 11 lines 1-10, “Provided the IoT service 520 validates the token in the pairing request, then at 545, the IoT service binds a policy associated with the authorization code recovered from the encrypted token to the client ID and to a device shadow instantiated by the IoT service 520 to represent the physical IoT device 515. At 547, the IoT service 520 sends a pairing response message 547 to the companion app 505 indicating whether the pairing was successfully completed”); wherein the smart device server includes a mapping relationship table which stores a mapping relationship between third-party identifiers and proprietary accounts (Loladia: column 3 lines 10-22; and column 10 lines 42-54, “the pairing may include the IoT service verifying a device identifier (device ID) associated with IoT device and a service managed user identity (client ID) in order to configure permissions regarding what the particular user may do with that IoT device”; column 5 lines 29-32, “the IoT service 120 pushes such changes to the corresponding IoT device 110. The IoT service 120 also maintains permission data indicating what users (based on a client ID) have been authorized to control or interact with a given IoT device 110”; column 7 lines 20-67; and column 12 lines 32-46, “the IoT service may retrieve an authorization code from the decrypted token used to identify an access control or use policy to associate with the IoT device participating in the pairing process and the user ID”).  



Regarding claim 11, claim 11 discloses a medium claim that is substantially equivalent to the method of claim 1.  Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 11 and rejected for the same reasons.

Regarding claims 2, 7 and 12, Loladia discloses wherein obtaining, by a smart device server, the proprietary account bound with the third-party identifier and sending the proprietary account to the client comprises: inquiring whether there is the proprietary account bound with the third-party identifier in the mapping relationship table (Loladia: see figure 5; column 7 lines 20-67; and column 9 lines 43-67, “the IoT device 300 sends a copy of the encrypted token 305 to the companion app 311 on the mobile device--shown in FIG. 3 as encrypted token (copy) 315. The companion app 311 continues the pairing process by generating a pairing request sent to the IoT service 335. In one embodiment, the pairing request may include device ID 319 (representing IoT device 300), client ID 317 (representing the user of companion app 311), and encrypted token 315. Once received, the IoT service 335 can complete the pairing process by decrypting the encrypted token 315 and comparing the device ID recovered from the encrypted token 315 with the device ID 307 provided by the IOT device 319 in the token request”); when there is the proprietary account bound with the third-party identifier in the mapping relationship table, sending the proprietary account to the client (Loladia: Loladia: column 7 lines 20-67; and column 9 lines 60-67, “Assuming information recovered from token 315 is successfully verified with token 340, the IoT service 335 attaches the policy referenced by the authorization code to the client ID 317, as reflected in the IoT device registry 235, and allows a companion app 311 acting under client ID 317 to interact with the now-paired IoT device 300 via an IoT device shadow 233 instantiated in the IoT service 335 following the pairing process”); when there is no proprietary account bound with the third-party identifier in the mapping relationship table, assigning a proprietary account for the third-party identifier, sending the assigned proprietary account to the client, and binding the assigned proprietary account with the third-party identifier and storing a mapping relationship between the assigned proprietary account and the third-party identifier in the mapping relationship table (Loladia: column 7 lines 20-67, “a client ID may be associated with IoT devices 110 deployed by a user during an initial pairing process used to add new IoT devices 110 to the IoT computing envelopment. As noted, the pairing process pairs a new IoT device 110 being deployed with the companion app 225 on mobile device 105 and IoT service 120 using a three-way handshake between the mobile device 105, IoT device 110, and IoT service”).

Regarding claims 3, 8 and 13, Loladia discloses wherein sending, by a smart device server, the control instruction to the smart device according to the proprietary account in response to the request carrying the proprietary account for controlling the smart device sent by the client comprises: receiving the request carrying the proprietary account for controlling the smart device sent by the client (Loladia: column 11 lines 64-67, “As noted, to do so, the IoT service may decrypt the token using the key associated with the client ID in the request and confirm that the client ID and device ID recovered from the token match the values sent by the companion app in the pairing request”); verifying a match relationship between the client and the smart device according to the proprietary account (Loladia: column 11 lines 42-67; and column 12 lines 32-46, “Otherwise, where the device IDs and the client IDs do match, then the IoT service completes the pairing process by associating the client ID and device ID within the IOT service, e.g., by adding or updating entries in the device registry”); and when the match relationship between the client and the smart device is successfully verified, sending the control instruction to the smart device (Loladia: column 12 lines 1-7 and 40-46, “Provided the IoT service validates the token included in the pairing request, then the IoT service may complete the pairing process by associating an IoT device use and access policy associated with the device ID and IoT device with the client ID associated with the companion application and user”).

Regarding claims 4, 9 and 14, Loladia discloses wherein the third-party identifier is a successfully verified third-party identifier sent from a third-party server to the client before the third-party login request sent from the client is received (Loladia: column 7 lines 20-32, “The client ID within the IoT service 120 may correspond to a user-identity authenticated by a third-party login service (e.g., an oauth service provided by social media services) when that user accesses the IOT service using the companion app 225. As noted, the IoT service 120 may use the client ID as service managed identity for an individual user as well as to represent IoT devices 110 scoped to an enterprise account”).  

Regarding claim 5, 10 and 15, Loladia discloses wherein the proprietary account belongs to an account system of the smart device (Loladia: Loladia: column 7 lines 20-32; and column 9 lines 1-67, “The IoT device 300 receives the encrypted token (e.g., authorization code) 305 from the IoT service ...the IoT service 335 attaches the policy referenced by the authorization code to the client ID 317, as reflected in the IoT device registry 235, and allows a companion app 311 acting under client ID 317 to interact with the now-paired IoT device 300 via an IoT device shadow 233 instantiated in the IoT service 335 following the pairing process”).  

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Bhalerao (US 10114939) 	a computer-implemented method for secure communications between devices may include (1) receiving, from a control device that is capable of providing instructions to one or more smart devices, a security certificate that identifies the control device and also contains privilege information that indicates how the control device is allowed to interact with the smart devices
Chen (US 20180288050)	Security functions for a memory corresponding to a smart security storage may be facilitated or executed through operation of utility application corresponding to a smart device
Li (US 9958841)	a method and device for remotely controlling a household appliance. The method includes: sending, by a social application client, a control command for a target household appliance, wherein the control command includes an account of the target household appliance, and the account of the target household appliance is a unique social account registered in a social application server when the target household appliance leaves a factory
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740.  The examiner can normally be reached on Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/TRANG T DOAN/Primary Examiner, Art Unit 2431