DETAILED ACTION
1.	This action is responsive to RCE after the notice of allowance filed with IDS on 03/22/2021. Claims 1-2, 4-10, 12-18 and 20-24 were previously allowed and claims 1, 9 and 17 are independent.

Notice of Pre-AIA or AIA Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
3.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/22/2021 for application number 16/815,907 has been entered.
Information Disclosure Statement
4.	The information disclosure statement (IDS) filed on 03/22/2021 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.

Allowable Subject Matter
5.	Claims 1-2, 4-10, 12-18 and 20-24 are allowed. 
6.	The following is an examiner’s statement of reasons for allowance:

A.	The first reference/prior art submitted with the RCE and cited in the IDS, US Patent No. 8,250,361 B2 to Kido, discloses a server certificate issuing system in which the existence of a Web server for which a certificate is to be issued can be confirmed and security is further improved, wherein the user authentication is carried out using a test certificate having the SSL certificate format. Servers transmit a server certificate request to the registration server, which transmits the test certificate request to the test certificate issuing authority. The test certificate issuing server transmits the generated test certificate to the registration server, which transmits the test certificate to the corresponding server and requests installation of the test certificate. Then, the registration server accesses the server with the SSL protocol and verifies whether or not the session of the SSL protocol has been established. The registration server transmits the CSR to the certificate issuing server only when the SSL protocol has been established.

B.	The other references/prior art submitted with the RCE and cited in the IDS, US Patent No. 10,425,392 B2 and Chinese Publication No. CN108141448 to Tal, disclose a gateway computing device that provides a provisioning service for access credentials to a restricted network, wherein the provisioning service is accessible by an open network. A messaging protocol for the open network may only recognize messages relating to one of a set of services provided by the gateway computing device, including the provisioning service. The gateway computing device may receive, from a client device, a request to connect to the restricted network, wherein the request was sent using the open network. Upon determining whether the client device is authorized to access the 

C.	The other reference/prior art submitted with the RCE and cited in the IDS, US Publication No. 2008/0181379 A1 to Chow discloses a caller name authentication to prevent caller identity spoofing wherein caller name is authenticated using authentication certificates issued by a registration authority that registers callers who wish to terminate calls to callers subscribed to the registration authority. In one embodiment, the authentication certificates are sent to a called device or a proxy for the called device via a path that is separate from the call setup path. An indication is conveyed to the called party to indicate whether the caller name was successfully authenticated. 

D.	The other reference/prior art submitted with the RCE and cited in the IDS, Chinese Publication No. CN101925920 to Chujo discloses a server certificate issuing system enables confirmation of the substantiality of a Web server to which a certificate is issued and further improvement of security. The server certificate issuing system carries out person authentication using a test certificate in the form of an SSL certificate. A Web server, communication server, or a load balancer transmits a server certificate issuance request to a registration server (6). The registration server requests a test certificate issuing institute (8) to issue a test certificate. The test certificate issuing server transmits the generated test certificate to the registration server. The registration server transmits the test certificate to the corresponding server and requests the server to install the test certificate. The registration server accesses the server according to an SSL 

E.	The other reference/prior art submitted with the RCE and cited in the IDS, Chinese Publication No. CN104426895 to Gao F discloses a method for processing information of terminal device, involves transmitting data to content server through data channel, and indicating inner part of data channel on browser of terminal device wherein the method involves establishing a content of a data channel based on a network protocol. A communication protocol is stored in a content server through the data channel. A subscriptor is established by the data channel based on the communication protocol. Data is transmitted to the content server through the data channel. An inner part of the data channel is indicated on a browser of a terminal device. User identification information of the data channel is sent to a universal server. Another user identification information is stored in another terminal device.

F.	The other reference/prior art submitted with the RCE and cited in the IDS, Chinese Publication No. CN105376589 to Chen Hongliang discloses an intelligent TV message push device and method based on MQTT. The device comprises a message managing client module, an application provider server module and a message agent server module, wherein the message managing client module reports the MAC address of a client to the application provider server module, and subscribes a message to the message agent server module by taking an APP ID as the theme; the application provider server module reports the APP ID and the MAC address of the client to the message agent server module, and generates the message subscribed by the message managing client module with the APP ID as the theme; and the message agent server 

	Furthermore, regarding independent claims 1, 9 and 17 the prior art of the record discloses the following:
Schmidt discloses a computer-implemented method, comprising:
sending, from a terminal device [See at least figure 4, ref. 206, “IoT device”], a subscription topic name [See paragraph 0038, SUBSCRIBE message shown on figure 4, ref. 5 and see paragraph 0039, The message at 5 may include a topic and an identifier of the device 206] to a gateway [See figure 4, ref. 202, “Edge Gateway”] to establish a data transmission channel between the terminal device and the gateway [See paragraph 0038, At 5, the device/IOT device may then try to send a SUBSCRIBE message to the information node 208, which may then be routed to the selected trust broker 204 in accordance with the example proxy and routing functions described above. Thus, for example, the device 206 might not know the identity of the trust broker 204. In some cases, the device 206 might only know its “parent” entity represented by the information node 208, to which it tries to make contact. The gateway 202 may then take care of contacting the trust broker 204 for the device 206]

receiving by the terminal device, via the data transmission channel, a certificate installation instruction from a certificate server [See paragraph 0039, and figure 4, step 6 where the terminal device/IoT device shown on figure 1, 206 receives a PUBLISH  message from the Trust Broker 204/ Certificate server, this PUBLISH message meets the limitation “a certificate installation instruction” since based on this message the terminal device will eventually receive a user certificate from the Trust Broker as is shown on figure 4, step 10, 11 and step 12. See the following on paragraph 0039, “If the authentication is successful, the trust broker 204 may create a service access certificate for the device 206. The trust broker 204 may send the certificate to the gateway 202, at 10…The gateway 202 may forward the message to the device 206…At 12, the device 206 may store the valid credential for communication, for example the certificate in accordance with the illustrated example”];

generating, by the terminal device, a [See paragraph 0039 and figure 4, step 7, wherein at step 7 the device 206/IoT device may derive/generate a secret key based on a challenge received from the trust broker 204 in the PUBLISH message, and a device secret. At 8, the device 206 may send a PUBLISH message to the trust broker 204. This step 7 shown on figure 7 that generates a secret key based on the challenge from the certification server/Broker 204, meets the limitation “generating a user certificate request based on the Publish message/a certificate installation instruction” since based on this message the terminal device will eventually receive a user certificate from the Trust Broker as is shown on figure 4, step 10, 11 and step 12. See the following recited on paragraph 0039, “If the authentication is successful, the trust broker 204 may create a service access certificate for the device 206. The trust broker 204 may send the certificate to the gateway 202, at 10…The gateway 202 may forward the message to the device 206…At 12, the device 206 may store the valid credential for communication, for example the certificate in accordance with the illustrated example”];

sending the [See paragraph 0039, figure 4, step 8, At 8, the device 206 may send a PUBLISH message to the trust broker 204/certification server. The PUBLISH message may include the challenge encrypted with the secret key. This Step 8 shown on figure 4 meets the limitation, “sending the user certificate request to the certificate server”]; and

receiving, via the data transmission channel, a [See paragraph 0039 and figure 4, steps 10 and 11-12, If the authentication is successful, the trust broker 204/certification server may create a service access certificate for the device 206/terminal device. The trust broker 204 may send the certificate to the gateway 202, at 10…The gateway 202 may forward the message to the device 206…At 12, the device 206 may store the valid credential for communication, for example the certificate in accordance with the illustrated example].

Schmidt discloses all the limitations recited in the claim. However, Schmidt doesn’t explicitly disclose the limitation “user” certificate.
In particular Schmidt doesn’t explicitly disclose the following bolded and underlined claim limitation: “sending the user certificate request to the certificate server and receiving, via the data transmission channel, a user certificate from the certificate server” but Trivelpiece discloses the above claim limitation. In particular Trivelpiece 
“The aspects authenticate devices such as constrained electronic devices on a network and the aspects are configured to generate client private key and generate a certificate request, encrypt the certificate request and client device identification data using the device private key, send the encrypted certificate request and the device identification data to an authentication service on a server computer, receive a session key and certified certificates encrypted with the client private key, construct a client-server certificates/computing tunnel and transfer session key to authenticated client device”


However, the above prior art of record, including the rest of the prior art cited in the IDS, either taken alone or in combination, neither anticipates nor renders obvious the claimed subject matter of the instant application taken as a whole, including the specific functional limitations recited in the independent claims 1, 9 and 17. For this reason, the specific claim limitations recited in independent claims 1, 9 and 17, taken as a whole, are allowed.

8.	The dependent claims 2, 4-8, 10, 12-16, 18 and 20-24, which depend on the above independent claims 1, 9 and 17, being further limiting to the independent claims, definite and enabled by the specification, are also allowed.

Conclusion
10.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
A. 	US Publication No. 2013/0061055 to Schibuk discloses a virtual smartcard and methods for creating the same are provided. A virtual smartcard is a set of computer-implemented processes, associated with an individual, which simulate the behavior of a physical smartcard or other authentication token containing a hardware security module. In one embodiment, a computer receives credential data derived from the physical credential and authentication data pertinent to the individual such as a biometric imprint, and creates a virtual smartcard by storing the credential data in association with the authentication data in a network storage. The credential data may later be used for identification and encryption purposes upon the individual providing the authentication data to the network storage, even if the physical credential itself has been lost. Thus, the virtual smartcard provides a network-based method for backing up 

B.	US Publication No. 2005/0076203 A1 to Thornton discloses a method of detecting the expiration of a certificate stored to the plurality of servers within a specified period of time; identifying a managed server corresponding to a detected expiring digital certificate; communicating with the managed server, the communicating causing the managed server to generate a certificate signing request and return the request to the managing device; transmitting a generated and received certificate signing request to a certificate authority; receiving a certificate signed by a certificate authority generated from a certificate signing request; identifying a destination managed server corresponding to a received certificate signed by a certificate authority; installing a received certificate signed by a certificate authority to an identified destination managed server; and configuring an identified destination managed server to use a private key corresponding to an installed certificate.


11.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMSON B LEMMA whose telephone number is 571-272-3806.  The examiner can normally be reached on M-F 8am-10pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shaw Yin Chen can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.	
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 


/SAMSON B LEMMA/Primary Examiner, Art Unit 2498