Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Status of claims
This office action is in response to claims filed on 03/12/2019.
Claims 1-24 are pending and rejected; claims 1, 7, 13 and 19 are independent claims.

Information Disclosure Statement
The information disclosure statements (IDSs) submitted on 03/12/2019 and 05/21/2020 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-24 are rejected under 35 U.S.C. 103 as being unpatentable over Gulati US Pub. No.: 2018/0041341 A1 (hereinafter Gulati) in view of Loadia et al. US Patent No.: 10,447,683 B1 (hereinafter Loadia).
Gulati teaches:
As to claim 1, a security device provisioning hub (see Gulati Fig. 1, security controller), comprising: 
a memory (see Gulati ¶64); and 
a processor (see Gulati ¶64) configured to: 
receive a first secret token from a device manufacturer, wherein the first secret token is associated with a first service (see Gulati ¶¶135-138, identification module extracts/receive identification token [i.e. first secret token]….; ¶136, 122, ID tokens extracted using including…, a root of trust code 620 (RoT code) and a root of trust data 622 (RoT data). ¶122, the device identification 302 can include an incoming root of trust 504… operating markers 514 [i.e. associated with first service], original equipment manufacturer markers 516 (OEM markers), the key pairs 150, or similar markers); 
receive a second secret token from a customer device having a security chip (see Gulati ¶¶135-138, identification module extracts/receive identification token [first secret token]; ¶43, security master including…. Security chip); 
verify that the first secret token and the second secret token are the same (see Gulati ¶¶144, 187, 194, 195, After the identification module 316 extracts the ID tokens 624, the authentication module 320 verifies the ID tokens 624 to identify whether a secure object is a valid object that may communicate with an authorized system to send or receive secure information); and 
Gulati does not explicitly teach but the related art Loadia teaches:
provide to the customer device access credentials to the first service (see Loadia Col. 15, lines 53-57, Once the IoT device activates the digital certificate and reconnects to the IoT service 822, the identity manager 826 may register the IoT device with the registry 834, which provides information regarding IoT devices associated with a given user account). 
Therefore, it would have been obvious to one with ordinary skill in the art at the time the invention was filed to modify the counterfeit prevention system disclosed by Gulati to include the system for zero-touch provisioning of IoT devices with multi-factor authentication as taught by Loadia, in order to provide to the customer device access credentials to perform services. A person with ordinary skill in the art would have been motivated to grant authorization certificate/credentials for specific services in order to enhance security.
wherein the processor is further configured to receive an encryption key injected into the security chip by a manufacturer of the security chip (see Gulati ¶92-93 and Fig. 5, key pairs [i.e. encryption key is embedded/injected]). 

As to claim 3, the combination of Gulati and Loadia teaches the security device provisioning hub of claim 2, wherein providing to the customer device access credentials to the first service includes encrypting the access credentials using the encryption key injected into the security chip by a manufacturer of the security chip (see Gulati ¶93, security information can be encrypted with the public key 154 of one of the key pairs 150 and decrypted using the private key 152). 

As to claim 4, the combination of Gulati and Loadia teaches the security device provisioning hub of claim 2, wherein the first secret token and second secret token are encrypted using the encryption key injected into the security chip by a manufacturer of the security chip (see Gulati ¶92-93 and Fig. 5, key pairs [i.e. encryption key is embedded/injected])... 

As to claim 5, the combination of Gulati and Loadia teaches the security device provisioning hub of claim 1, wherein the second secret token is based upon a unique identifier associated with the security chip (see Gulati ¶136, ID tokens 624 may be extracted by the identification module 316 using any secure information or mechanism, including, but is not limited to, a root of trust code 620 (RoT code) and a root of trust data 622 (RoT data)). 

As to claim 6, the combination of Gulati and Loadia teaches the security device provisioning hub of claim 1, wherein the first secret token and the second secret token are based upon a counter and an account identifier (see Loadia col. 10, lines 65-67 and col. 11, lines 1-3, authentication service 237 may also evaluate a count of provisioning certificates from the device group that have already been 
. 

Gulati teaches:
As to claim 7, a customer device, comprising: 
a secure chip configured to: 
receive and securely store an encryption key from a manufacturer of the security chip at the time of manufacture (see Gulati Fig. 5, key pair); 
receive and securely store a first secret token from a customer device manufacturer, wherein the first secret token is associated with a first service (see Gulati ¶135, The ID tokens 624 may include, but are not limited to, a user identification, a serial number of a device, a device identification, etc…); 
provide the first secret token to a security device provisioning hub (see Gulati ¶136, 122, ID tokens extracted using including…, a root of trust code 620 (RoT code)); and 
receive and securely store access credentials to the first service (see Gulati ¶140, the RoT code 620 and RoT data 622 may be programmed into a secure storage unit of a device during programming or configuring the device); and 
Gulati does not explicitly teach but the related art Loadia teaches:
a processor configured to connect to the first service using the access credentials for the first service (see Loadia Col. 15, lines 53-57, Once the IoT device activates the digital certificate and reconnects to the IoT service 822, the identity manager 826 may register the IoT device with the registry 834, which provides information regarding IoT devices associated with a given user account). 
Therefore, it would have been obvious to one with ordinary skill in the art at the time the invention was filed to modify Counterfeit prevention system disclosed by Gulati to include the system for 

As to claim 8, the combination of Gulati and Loadia teaches the device of claim 7, wherein receiving and securely storing the access credentials includes encrypting the access credentials using the encryption key from a manufacturer of the security chip (see Gulati ¶297, the OEM device certificate 946 has been encrypted and signed with the OEM private key 952, it can be transferred in the clear). 

As to claim 9, the combination of Gulati and Loadia teaches the device of claim 7, wherein receiving and securely storing the first secret token includes encrypting the first secret token using the encryption key from a manufacturer of the security chip (see Gulati ¶297, the OEM device certificate 946 has been encrypted and signed with the OEM private key 952, it can be transferred in the clear). 

As to claim 10, the combination of Gulati and Loadia teaches the device of claim 7, wherein the first secret token is based upon a unique identifier associated with the security chip (see Gulati ¶138, The ID tokens 624 may be unique such that each secure object has its own identification and so none of the secure objects shares its identification with another secure object). 

As to claim 11, the combination of Gulati and Loadia teaches the device of claim 7, wherein the first secret token is based upon a counter and an account identifier (see Loadia col. 10, lines 65-67 and col. 11, lines 1-3, authentication service 237 may also evaluate a count of provisioning certificates 

As to claim 12, the combination of Gulati and Loadia teaches the device of claim 7, wherein the secure chip is further configured to: 
receive and securely store a second secret token from a customer device manufacturer, wherein the second secret token is associated with a second service (see Gulati ¶¶135-138, identification module extracts/receive identification token [first secret token]; ¶43, security master including…. Security chip); 
provide the second secret token to a security device provisioning hub (see Gulati ¶¶144, 187, 194, 195, After the identification module 316 extracts the ID tokens 624, the authentication module 320 verifies the ID tokens 624 to identify whether a secure object is a valid object that may communicate with an authorized system to send or receive secure information); and 
receive and securely store access credentials to the second service (see Gulati ¶¶144, 187, 194, 195, After the identification module 316 extracts the ID tokens 624, the authentication module 320 verifies the ID tokens 624 to identify whether a secure object is a valid object that may communicate with an authorized system to send or receive secure information); and 
the processor is further configured to connect to the second service using the access credentials for the second service (see Gulati ¶295, If the information in the silicon vendor device certificate 926 can be accessed using the silicon vendor public key 954, then the device is authenticated). 

As to independent claim 13, this claim is directed to a method executed by the system of claim 1; therefore it is rejected along similar rationale.
As to independent claim 19, this claim is directed to a method executed by the system of claim 7; therefore it is rejected along similar rationale.
As to dependent claims 14-18 and 20-24, these claims contain substantially similar subject matter as claims 2-6 and 8-12 respectively; therefore they are rejected along the same rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478.  The examiner can normally be reached on Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/NEGA WOLDEMARIAM/Examiner, Art Unit 2433                            

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433