DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.	Claims 1-14, 17, and 19-21 are pending.
	Claims 15-16 and 18 are canceled by Applicant.

Response to Arguments
2.	Applicant’s arguments with respect to claim(s) 1-14, 17, and 19-21 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have 

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3.	Claims 1-14, 17, and 19-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kuenzi, et al. [2017/0330226] in view of Boivie, et al. [US 2018/0181774].
Claim 1:	Kuenzi, et al.  teaches a method of configuring an electronic lock comprising: 
	generating a public-private key pair at a cryptographic circuit included in the electronic lock; [Kuenzi: 0050; cryptographic algorithms such as AES, ECC, RSA, and the like involves public-private key pair]
transmitting a certificate signing request to a certificate signer, the certificate signing request including a plurality of attributes of the electronic lock; [Kuenzi: 0061; The attribute can be given the broadest interpretation (BRI) as data which may be credentials per se.  The credential module receive the encrypted mobile credential, then validate and decrypt the encrypted mobile credential to retrieve the virtual card data. The decryption and validation may include a digital signature. 0050; The encrypted credential may be generated by the server 14 using well known techniques for digital certificate creation and encryption, and get validated and extracts the virtual card data, then passes the virtual card data into the lock controller as a "virtual card read"]
	receiving a signed certificate from the certificate signer, the signed certificate including cryptographic data reflecting the plurality of attributes in the certificate signing request; [Kuenzi: 0050, 0061]
configuring the signed certificate with a target server endpoint; [Kuenzi: 0061-0062]
connecting the electronic lock to a server at the target server endpoint; and [Kuenzi: 0042]
after receiving acknowledgement from the server, storing in the cryptographic circuit the cryptographic data received from the certificate signer and the target server endpoint using a one-time write command [Kuenzi: 0044; electronic lock system 20 includes the access control, the mobile device, and the server. Examples of one-time write command can be the lock memory as EEPROM - 0046. Another example, one credential is generated for each door or access point and the virtual card data will be the same in each of these separate credentials, but may be encrypted with a unique key for the particular door or access point - 0056], **wherein the one-time command locks the cryptographic circuit after storing the cryptographic data. [**as rejected under a secondary reference, discussed below]
Kuenzi discloses the one-time write command locking the cryptographic circuit of the electronic lock [Kuenzi: 0046, 0056]. However, Kuenzi did not further include “wherein the one-time command locks the cryptographic circuit after storing the cryptographic data”. 
Boivie includes storage mechanism is adapted to store a private key, via a one-time program capability (i.e., after the write of the private key, the write circuit is disabled). Further, an authentication and/or encryption engine that uses the stored 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Boivie with Kuenzi to teach “wherein the one-time command locks the cryptographic circuit after storing the cryptographic data” for the reason that data can never be altered or detected such as a reverse engineering tactic.
Claim 2:  Kuenzi: 0050; discussing the method of claim 1, wherein connecting the electronic lock to the server includes transmitting the signed certificate to the server.
Claim 3:  Kuenzi: 0050, 0064; discussing the method of claim 2, further comprising: after storing the cryptographic data in the cryptographic circuit, transmitting a connection request from the electronic lock to the server, the connection request including a recalculated version of the signed certificate generated by the cryptographic 
Claim 4:  Kuenzi: 0056; discussing the method of claim 2, further comprising storing the signed certificate in a secure storage of the electronic lock.
Claim 5:  Kuenzi: 0050; discussing the method of claim 1, further comprising, at the certificate signer, signing the certificate with a signature of the manufacturer of the electronic lock.
Claim 6:  Kuenzi: 0053-0056; discussing the method of claim 1, wherein connecting to the server at the target server endpoint comprises: forming a secured connection to the server at the target server endpoint; based on the server determining that the electronic lock was not previously registered at the server, performing a device registration process, the device registration process including creation of a plurality of server objects defining a virtual electronic lock record associated with the electronic lock.
Claim 7:  Kuenzi: 0068; discussing the method of claim 6, wherein the plurality of server objects includes a virtual device and a policy, and wherein the signed certificate is stored in association with the virtual device and the policy at the server.
Claim 8:  Kuenzi: 0056; discussing the method of claim 6, wherein the device registration process further includes determining whether the electronic lock is authorized to be registered at the server.
Claim 9:  Kuenzi: 0056-0057; discussing the method of claim 1, wherein receiving the signed certificate includes a certificate name, an issuer identifier associated with a manufacturer of the electronic lock, a serial number of the electronic lock, and validity data.
Claim 10:	Kuenzi, et al. teaches an electronic lock comprising: 
a processing unit; [Kuenzi: 0044]
a locking bolt movable between a locked and unlocked position; [Kuenzi: 0044-0045; Each access control 16 is a wireless-capable, restricted-access, or restricted-use device such as wireless locks, access control readers for building entry, electronic banking controls, data transfer devices, key dispenser devices, tool dispensing devices, and other restricted-use machines. Submits a credential to an electromechanical lock to unlock it]
a motor actuatable by the processing unit to move the locking bolt between the locked and unlocked positions; [Kuenzi: 0045; the lock controller commands the lock actuator to lock or unlock a mechanical or electronic lock. Other examples, the lock of a lockbox, a door lock, or a lock core - 0044]
a wireless communication interface operatively connected to the processing unit; and [Kuenzi: 0043]
a cryptographic circuit having a one-time write function to store cryptographic information that is generated based on a plurality of attributes of the electronic lock and information identifying a target server endpoint [Kuenzi: 0046, 0050], **wherein the one-time command locks the cryptographic circuit after storing the cryptographic data; and [**as rejected under a secondary reference, discussed below]
a memory operatively connected to the processing unit and storing computer-executable instructions which [Kuenzi: 0055-0056], when executed by the processing unit, cause the processing unit to: 
upon initiating communication with a server identified by the cryptographic information, transmitting, via the wireless communication interface [Kuenzi: 0044],  [Kuenzi: 0055-0056]
Kuenzi discloses the one-time write command locking the cryptographic circuit of the electronic lock [Kuenzi: 0046, 0056]. However, Kuenzi did not further include “wherein the one-time command locks the cryptographic circuit after storing the cryptographic data”. 
Boivie includes storage mechanism is adapted to store a private key, via a one-time program capability (i.e., after the write of the private key, the write circuit is disabled). Further, an authentication and/or encryption engine that uses the stored private key to carry out an authentication and/or encryption operation. One pertinent and advantageous aspect is that the private key can never be altered or detected, either by "reverse engineering" [Boivie: 0019]. Boivie’s invention use devices in advanced node CMOS technology as one-time programmable memory to hold a secret or private key as part of a crypto-engine. Boivie further provide a circuit macro to program the one time minimum size device memory with the private key, and then after the write operation, disable the circuit through an electrical fuse or dedicated circuit to prevent a second write to the array (i.e. write disable bit set after the first write) [Boivie: 0023]. Thus, motivation to include “wherein the one-time command locks the cryptographic circuit after storing the cryptographic data” would be obvious that data can never be altered or detected such as a reverse engineering tactic.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Boivie with Kuenzi to teach “wherein the one-time command locks the cryptographic circuit after storing the 
Claim 11:  Kuenzi: 0050; discussing the electronic lock of claim 10, wherein the certificate comprises a signed certificate received from a certificate signer associated with a manufacturer of the electronic lock.
Claim 12:  Kuenzi: 0052; discussing the electronic lock of claim 11, wherein the certificate signer comprises a cloud provisioning server.
Claim 13:  Kuenzi: 0062-0063; discussing the electronic lock of claim 10, wherein transmitting the certificate to the server validates that, prior to communication with the server, the electronic lock is authorized to communicate with the server and has not been tampered with.
Claim 14:	Kuenzi, et al. teaches a method of configuring a server account associated with an electronic lock, the method comprising: 
receiving a secure connection request from an electronic lock, the secure connection request including a certificate generated by the electronic lock and including a plurality of attributes of the electronic lock; [Kuenzi: 0055-0056]
based on the server determining, from the certificate information, that the electronic lock is authorized to communicate with the server but has no corresponding server record: [Kuenzi: 0063, 0072]
determining whether the electronic lock is an authorized electronic lock by comparing an identifier of the electronic lock received in the certificate to a permission list; [Kuenzi: 0061-0062; identifier of electronic lock can be given BRI as credential identifier, or key, or data that relates to lock/unlock for example a room/door – see also 0050, 0053, 0056]
[Kuenzi: 0068]
associating the policy with the virtual device; [Kuenzi: 0056, 0062]
associating the certificate with the policy; [Kuenzi: 0068]
activating the certificate; and [Kuenzi: 0050]
transmitting an acknowledgement of activation of the certificate to the electronic lock; [Kuenzi: 0056]
	receiving a second secure connection request from the electronic lock after a connection to the electronic lock based on the first secure connection request is terminated, the second secure connection request [Kuenzi: 0050, 0056; As discussed prior in para 0056; the method and type of credential used may be a compressed digital certificate or a standard based certificate like X.509 or other certificate format known to the art. That is, for example, the virtual card data is encrypted into the credential with a unique key known by the credential module and by the credential service] including an instance of the certificate generated at the time of the second secure connection request; and [Kuenzi: 0057-0058; second secure connection request suggests another connection such as the user can operate the access control in an offline mode at any later time without the mobile device being required to be connected to the credential service whereby the user indicates such intent through a gesture, a click of a button, a tap on the screen, a finger print read, password, proximity to the lock, touching the lock, etc. In response to this, intent, the hotel loyalty mobile application again calls the software-to-software API in the mobile library to initiate the secure transfer of the encrypted mobile credential to the access control]
	confirming that the electronic lock is authorized to communicate with the server [Kuenzi: 0042, 0044], thereby causing the electronic lock to store cryptographic data used to create the certificate and target server information identifying the server into a cryptographic circuit of the electronic lock [Kuenzi: 0059, 0060-0062] using a one-time write command, the one-time write command locking the cryptographic circuit of the electronic lock after storing the cryptographic data. [**as rejected under a secondary reference, discussed below]
Kuenzi discloses the one-time write command locking the cryptographic circuit of the electronic lock [Kuenzi: 0046, 0056]. However, Kuenzi did not further include “using a one-time write command…after storing the cryptographic data”. 
Boivie includes storage mechanism is adapted to store a private key, via a one-time program capability (i.e., after the write of the private key, the write circuit is disabled). Further, an authentication and/or encryption engine that uses the stored private key to carry out an authentication and/or encryption operation. One pertinent and advantageous aspect is that the private key can never be altered or detected, either by "reverse engineering" [Boivie: 0019]. Boivie’s invention use devices in advanced node CMOS technology as one-time programmable memory to hold a secret or private key as part of a crypto-engine. Boivie further provide a circuit macro to program the one time minimum size device memory with the private key, and then after the write operation, disable the circuit through an electrical fuse or dedicated circuit to prevent a second write to the array (i.e. write disable bit set after the first write) [Boivie: 0023]. Thus, motivation to include “using a one-time write command, the one-time write command locking the cryptographic circuit of the electronic lock after storing the cryptographic data” would be obvious that data can never be altered or detected such as a reverse engineering tactic.

Claim 15:  Kuenzi: 0056-0057, 0063; discussing the method of claim 14, further comprising, after transmitting the acknowledgement, terminating a connection to the electronic lock.
Claim 16:  Kuenzi: 0050; discussing the method of claim 15, further comprising: receiving a second secure connection request from the electronic lock, the second secure connection request including an instance of the certificate generated at the time of the second secure connection request.
Claim 17:  Kuenzi: 0053-0056; discussing the method of claim 16, further comprising: based on the server determining, from the certificate information, that the electronic lock is authorized to communicate with the server and has been registered at the server, authorizing communication with the electronic lock.
Claim 18:  Kuenzi: 0050, 0056; discussing the method of claim 16, further comprising: at the electronic lock, upon receiving confirmation that the electronic lock is authorized to communicate with the server, storing cryptographic data used to create the certificate and target server information identifying the server into a cryptographic circuit of the electronic lock using a one-time write command.
Claim 19:  Kuenzi: 0056, 0063; discussing the method of claim 16, further comprising: based on the server determining, from the certificate information, that the electronic lock 
Claim 20:  Kuenzi: 0059; discussing the method of claim 19, wherein the tamper alarm is addressed to an owner user of the electronic lock and comprises at least one of an email, a text message, an automated voice message, or an application notification.
Claim 21:  Kuenzi: 0063; discussing the method of claim 19, wherein the tamper alarm is addressed to an administrator of the server.

Conclusion
4.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LEYNNA TRUVAN whose telephone number is (571) 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


LEYNNA T TRUVAN
Examiner
Art Unit 2435



/L.TT/Examiner, Art Unit 2435 

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435