Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/04/2020 has been entered; wherein claims 1, 4, 5, 9, 11, 12, 14, 16, 17, and 20 have been amended.

DETAILED ACTION
Claims 1 – 24 remain pending and have been examined.

Response to Amendment
Claim objections for claims 20 – 24 are withdrawn in view of Applicants’ amendments.
35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ) first paragraph rejection for claim 20 – 24 are withdrawn in view of Applicants’ amendments.

Response to Arguments
Applicants’ arguments filed on 06/24/2020 regarding claims 1, 9, 14, and 20 have been considered but are not persuasive.

Regarding amended claim 1, Applicant argues that “…The combination of Moran, Pappachan, and Asokan does not appear to include any discussion of the result of the attestation request includes an attestation key generated from a key generation process seeded with a hash of the software update package as recited in claim 1.” (Emphasis original.  Remark; p. 11: las full paragraph.)
Examiner respectfully disagrees.  Asokan also teaches the result of the attestation request includes an attestation key generated from a key generation process seeded with a hash of the software updated package (Asokan, Fig. 1, p. 3 – p. 4, section “4. PROTOCOL DESCRIPTION”; …Device initialization. Each Di in a swarm S is initialized by the swarm operator OP with a software configuration ci (e.g., a hash digest of software binaries of Di) and a code certificate cert(ci) signed by OP which guarantees that ci is a valid software configuration of Di…Device registration. Whenever Di initially joins S or changes its position it executes join with each new neighbor Dj… An attestation key kij, shared between Di and each neighbor Dj is established during join. The set of attestation keys Di established with its neighbors is denoted Ki.  Key establishment can be done using an authenticated key agreement protocol based on devices’ ski, skj, cert(pki) (hash) and cert(pkj) (hash)… In fact, any key establishment protocol can be used with SEDA as long as it provides integrity of key agreement and secrecy of generated keys. Formally:
i : ski;Dj : skj ;
       *: cert(pki); cert(pkj); cert(ci); cert(cj)]
               [Wingdings font/0xE0][Di : kij ;Dj : kij ].)  cert(ci) == hash of codes, see “table 1: Variables and parameters” on p. 3. (Emphasis added.)
The device initialization and device registration are results of the attestation request.  The attestation key is generated in the attestation registration.  Furthermore, the attestation key is generated based on ci and cj which are hash of codes.  Therefore, the attestation key is generated based on hash of the software package.
Moran, Pappachan, and Asokan read onto limitations of claim 1; therefore, claim 1 and its dependent claims remain rejected.
Claims 9, 14, and 20 recite amendments in similar manner as claim 1 above; therefore, they and their dependent claims also remain rejected.

Claim Objections
Claims 3, 10, 15, 23, and 24 are objected to because of the following informalities:
Claim 3
Line 3; change “an attestation key” to --the attestation key--.
	 Change “a hash” to --the hash--.
Claim 10
Line 3; change “an attestation key” to --the attestation key--.
	 Change “a hash” to --the hash--.
Claim 15

	 Change “a hash” to --the hash--.
Claim 23
Line 2; insert --on-- between “based” and “receipt”.
	 Insert --,-- after “edge device”.
Line 5; insert --the-- before “installation”.
Claim 24
Change all “the new device identity” to --the new device cryptographic identity--.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 1, 3, 4, 6, 7, 9 – 11, 14 – 16, 18, and 20 – 22 are rejected under 35 U.S.C. 103 as being unpatentable over B. Moran (NPL “A Firmware Update Architecture for Internet of Things Devices draft-ietf-suit-architecture-01”; hereinafter Moran; IDS filed on 05/03/2019; art of the record) in view of Pappachan et al. (Pub. No. US 2017/0024570 A1; hereinafter Pappachan; art of the record) and N. Asokan (NPL “SEDA: Scalable Embedded Device Attestation”; hereinafter Asokan; IDS filed on 05/03/2019; art of the record.)

Claim 1
Moran teaches an orchestration apparatus for attestation manifest derivation and distribution (Moran, p. 12 – 14, Figs. 1 – 4, system has devices and servers.  P. 7, section 3.3; End-to-end security between the author and the device, as shown in section 5, is used to ensure that the device can verify firmware images and manifests produced by authorized authors…; p. 10 & p. 13, verifying the manifest), the orchestration apparatus comprising: 
processing circuitry; and 
memory including instructions (Moran, p. 4, fourth and fifth full paragraphs; Device: The device is the recipient of the firmware image and the manifest…--… Communicator: The communicator component of the device interacts with the firmware update server…; device has processing circuitry and memory) that, when executed by the processing circuitry, cause the processing circuitry to perform operations to: 
obtain a software update package manifest from an edge device (Moran, p. 13, …To accept an update, a device needs to verify the signature covering the manifest. (edge device)…;  p. 15, manifest data structure comprises cryptographic information such as digital signatures or message authentication codes (MACs).);
one integrity measurement for a software update package associated with the software update package manifest based on the software update package manifest (Moran, p. 13, …The following assumptions are made to allow the device to verify the received firmware image and manifest before updating software: 
- To accept an update, a device needs to verify the signature covering the manifest…),a security  (Moran, p. 18; last half paragraph; Firmware updates fix security vulnerabilities and are considered to be an important building block in securing IoT devices…; p. 11, section “4. Claims”; Claims in the manifest offer a way to convey instructions to a device that impact the firmware update process…--…The baseline claims for all manifests…--… Only install firmware with a matching vendor, model, hardware revision, software version (security version number), etc…).
the at least one integrity measurement
Pappachan teaches the at least one integrity measurementbased on a security version number included in the software update package manifest (Pappachan, Fig. 4; [0045] …The computing device 100 may collect attestation information such as the identity of the I/O controller 144, the identity of the firmware code (e.g., a cryptographic hash of the firmware code), the signer of the firmware code, and/or a security version number of the firmware code…The computing device 100 may verify, for example, the cryptographic hash of the firmware code and ensure that the code was signed by a trusted entity (e.g., a processor manufacturer such as Intel® or a manufacturer of the computing device 100), verify the security version number, or verify other information associated with the firmware code)
Moran and Pappachan are in the same analogous art as they are in the same field of endeavor, verifying devices having software.  Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to incorporate Pappachan teachings into Moran invention to use utilize include security version number for firmware and use it to verify the firmware as suggested by Pappachan ([0045].)
But, Moran and Pappachan do not teach generate at least one integrity measurement for a software update package associated with the software update package manifest based on the software update package manifest, 
However, Asokan teaches
generate at least one integrity measurement for a software update package associated with the software update package manifest based on the software update package manifest (Asokan, Fig. 1; p. 3: right column – p. 4: left column, section “4.1 Offline Phase”; Device initialization. Each Di (edge device) in a swarm S is initialized by the swarm operator OP with a software configuration ci (e.g., a hash digest of software binaries of Di) and a code certificate cert(ci) (Moran’s manifest has digital signature or MAC) signed by OP which guarantees that ci is a valid software configuration of Di.3 Furthermore, Di is initialized with a signing key pair (ski; pki) along with an identity certificate cert(pki) signed by OP, guaranteeing that pki belongs to Di…--… An attestation key kij, shared between Di and each neighbor Dj is established during join. The set of attestation keys Di established with its neighbors is denoted Ki …), ; Moran manifest has security version number, and Asokan generates integrity measurement based on manifest [Wingdings font/0xE0] the integrity measurement is generated based on security version number;
initiate an attestation request with the edge device (Asokan, Fig. 1, p. 3 – p. 4, section “4. PROTOCOL DESCRIPTION”; SEDA has two phases: (1) an off-line phase whereby devices are introduced into the swarm, and (2) an on-line phase performing actual attestation. The off-line phase is executed only once and consists of device initialization and device registration. The on-line phase is executed repeatedly for every attestation request from a verifier VRF. In this phase, each device Di (edge device) is attested individually and accumulated attestation is reported to VRF. Figure 1 shows a sample swarm formed initially of seven devices with an eighth device D8 being initialized by the swarm operator OP and joining the swarm. It also shows VRF running an attestation protocol instance…); 
verify the edge device based on the at least one integrity measurement and a result of the attestation request (Asokan, Fig. 1, p. 3 – p. 4, section “4. PROTOCOL DESCRIPTION”, SEDA has two phases: (1) an off-line phase whereby devices are introduced into the swarm, and (2) an on-line phase performing actual attestation. The off-line phase is executed only once and consists of device initialization and device registration. The on-line phase is executed repeatedly for every attestation request from a verifier VRF. In this phase, each device Di (edge device) is attested individually and accumulated attestation is reported to VRF. Figure 1 shows a sample swarm formed initially of seven devices with an eighth device D8 being initialized by the swarm operator OP and joining the swarm. It also shows VRF running an attestation protocol instance…), wherein the result of the attestation request includes an attestation key generated from a key generation process seeded with a hash of the software updated package (Asokan, Fig. 1, p. 3 – p. 4, section “4. PROTOCOL DESCRIPTION”, …Device initialization. Each Di in a swarm S is initialized by the swarm operator OP with a software configuration ci (e.g., a hash digest of software binaries of Di) and a code certificate cert(ci) signed by OP which guarantees that ci is a valid software configuration of Di…Device registration. Whenever Di initially joins S or changes its position it executes join with each new neighbor Dj… An attestation key kij, shared between Di and each neighbor Dj is established during join. The set of attestation keys Di established with its neighbors is denoted Ki.  Key establishment can be done using an authenticated key agreement protocol based on devices’ ski, skj, cert(pki) (hash) and cert(pkj) (hash)… In fact, any key establishment protocol can be used with SEDA as long as it provides integrity of key agreement and secrecy of generated keys. Formally:
Join [Di : ski;Dj : skj ;
       *: cert(pki); cert(pkj); cert(ci); cert(cj)]
               [Wingdings font/0xE0][Di : kij ;Dj : kij ].)  cert(ci) == hash of code, see “table 1: Variables and parameters” on p. 3.); and 
generate an attestation record for the edge device based on the verification (Asokan, Fig. 1, p. 3 – p. 4, section “4. PROTOCOL DESCRIPTION”; SEDA has two phases: (1) an off-line phase whereby devices are introduced into the swarm, and (2) an on-line phase performing actual attestation. The off-line phase is executed only once and consists of device initialization and device registration. The on-line phase is executed repeatedly for every attestation request from a verifier VRF. In this phase, each device Di (edge device) is attested individually and accumulated attestation (record) is reported to VRF. Figure 1 shows a sample swarm formed initially of seven OP and joining the swarm. It also shows VRF running an attestation protocol instance…)
Moran Pappachan, and Asokan are in the same analogous art as they are in the same field of endeavor, verifying devices having software.  Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to incorporate Asokan teachings into Moran/Pappachan invention to use Asokan SEDA technique to efficiently attest swarms with dynamic and static topologies as suggested by Asokan (p. 1, abstract.)

Claim 3
Moran and Pappachan do not explicitly teach the processing circuitry to perform operations to generate an attestation key for the edge device based on a hash of the software update package manifest, wherein the verification of the edge device includes use of the attestation key.
Asokan teaches the processing circuitry to perform operations to generate an attestation key for the edge device based on a hash of the software update package manifest, wherein the verification of the edge device includes use of the attestation key (Asokan, p. 4, section “Device Registration”; …An attestation key kij, shared between Di and each neighbor Dj is established during join. The set of attestation keys Di established with its neighbors is denoted Ki.  Key establishment can be done using an authenticated key agreement protocol based on devices’ ski, skj, cert(pki) (hash) and cert(pkj) (hash)… In fact, any key establishment protocol can be 
Join [Di : ski;Dj : skj ;
       *: cert(pki); cert(pkj); cert(ci); cert(cj)]
               [Wingdings font/0xE0][Di : kij ;Dj : kij ].)  cert(ci) == hash of code, see “table 1: Variables and parameters” on p. 3.  The motivation for incorporating into Moran is the same motivation in claim 1.

Claim 4
Moran and Pappachan do not explicitly teach generate a new device cryptographic identity for the edge device; sign the new device cryptographic identity with a certificate corresponding to a current device cryptographic identity; and transmit the new device cryptographic identity to the edge device, wherein the verification of the edge device includes use of the new device cryptographic identity.
Asokan teaches generate a new device cryptographic identity for the edge device (Asokan, p. 3: left column, section “3: PRELIMINARIES AND NOTATION”; …Signature scheme. A signature scheme is a tuple of (probabilistic polynomial time) algorithms (genkeysign, sign, versig). (sk; pk) ← genkeysign(1lsign ) outputs a secret signing key sk and a public verification key pk with security parameter lsign ∈ N. On input of message m and sk, sign outputs a signature σ on m, i.e., σ ← sign(sk; m); versig(pk; m; σ) ∈  {0, 1} verifies σ given m and pk…); 
sign the new device cryptographic identity with a certificate corresponding to a current device cryptographic identity (Asokan, Fig. 1, p. 3: right column – p. 4: Device initialization. Each Di in a swarm S is initialized by the swarm operator OP with a software configuration ci (e.g., a hash digest of software binaries of Di) and a code certificate cert(ci) signed by OP which guarantees that ci is a valid software configuration of Di.3 Furthermore, Di is initialized with a signing key pair (ski; pki) along with an identity certificate cert(pki) signed by OP, guaranteeing that pki belongs to Di…); and 
transmit the new device cryptographic identity to the edge device, wherein the verification of the edge device includes use of the new device cryptographic identity (Asokan; Fig. 1, p. 3: right column – p. 4: left column, section “4.1 Offline Phase”; Device initialization. Each Di (edge device) in a swarm S is initialized by the swarm operator OP with a software configuration ci (e.g., a hash digest of software binaries of Di) and a code certificate cert(ci) signed by OP which guarantees that ci is a valid software configuration of Di.3 Furthermore, Di is initialized with a signing key pair (ski; pki) along with an identity certificate cert(pki) signed by OP, guaranteeing that pki belongs to Di…) The motivation for incorporating into Moran is the same motivation in claim 1.

Claim 6
Moran and Pappachan do not explicitly teach the processing circuitry to perform operations to issue a token to the edge device based on the verification.
Asokan teaches the processing circuitry to perform operations to issue a token to the edge device based on the verification (Asokan, Fig. 1, p. 3 – p. 4, VRF. In this phase, each device Di (edge device) is attested individually and accumulated attestation (record, token) is reported to VRF. Figure 1 shows a sample swarm formed initially of seven devices with an eighth device D8 being initialized by the swarm operator OP and joining the swarm. It also shows VRF running an attestation protocol instance…) The motivation for incorporating into Moran is the same motivation in claim 1.

Claim 7
Moran teaches the processing circuitry to perform operations to update an attestation manifest for the edge device based on the software update package manifest (Moran, p. 17, The following example message flow illustrates the interaction for distributing a firmware image to a device starting with an author uploading the new firmware to Firmware Server and creating a manifest.  The firmware and manifest are stored on the same Firmware Server.)  

Claim 9
This is a non-transitory machine-readable medium version of the rejected orchestration apparatus version in claim 1; therefore, it is rejected for the same reasons.

Claim 10
This limitation is already discussed in claim 3; therefore, it is rejected for the same reasons.

Claim 11
This limitation is already discussed in claim 4; therefore, it is rejected for the same reasons.

Claim 14
This is a method version of the rejected orchestration apparatus version in claim 1; therefore, it is rejected for the same reasons.

Claim 15
This limitation is already discussed in claim 3; therefore, it is rejected for the same reasons.

Claim 16
This limitation is already discussed in claim 4; therefore, it is rejected for the same reasons.

Claim 18
This limitation is already discussed in claim 6; therefore, it is rejected for the same reasons.

Claim 20
Moran teaches an edge computing device for attestation manifest derivation and distribution (Moran, p. 12 – 14, Figs. 1 – 4, system has devices and servers.  P. 7, section 3.3; End-to-end security between the author and the device, as shown in section 5, is used to ensure that the device can verify firmware images and manifests produced by authorized authors…; p. 10 & p. 13, verifying the manifest), the edge computing device comprising: 
processing circuitry; and 
memory including instructions (Moran, p. 4, fourth and fifth full paragraphs; Device: The device is the recipient of the firmware image and the manifest…--… Communicator: The communicator component of the device interacts with the firmware update server…; device has processing circuitry and memory) that, when executed by the processing circuitry, cause the processing circuitry to perform operations to: 
transmit a software update package manifest to an orchestration edge device (Moran, pp. 17 – 18, The following example message flow illustrates the interaction for distributing a firmware image to a device (an edge device)…--…The firmware and manifest are stored on the same Firmware Server (computing edge device)…; p. 15, manifest data structure comprises cryptographic information such as digital signatures or message authentication codes (MACs)), [;
install a software update package associated with the software update package manifest (Moran, p. 10, An alternative approach is to consider the steps a  If the Device has downloaded a new firmware image and is ready to install it, it may need to wait for a trigger from a Communicator to install the firmware update, may trigger the update automatically, or may go through a more complex decision making process to determine the appropriate timing for an update…; pp. 17 – 18, software update is installed.)
But, Moran does not explicitly teach the software update package manifest including a security version number; 
Pappachan teaches 
the software update package manifest including a security version number (Pappachan, Fig. 4; [0045] … The computing device 100 may collect attestation information such as the identity of the I/O controller 144, the identity of the firmware code (e.g., a cryptographic hash of the firmware code), the signer of the firmware code, and/or a security version number of the firmware code…The computing device 100 may verify, for example, the cryptographic hash of the firmware code and ensure that the code was signed by a trusted entity (e.g., a processor manufacturer such as Intel® or a manufacturer of the computing device 100), verify the security version number, or verify other information associated with the firmware code);
 one integrity measurementbased on the security version number included in the software update package manifest  The computing device 100 may collect attestation information such as the identity of the I/O controller 144, the identity of the firmware code (e.g., a cryptographic hash of the firmware code), the signer of the firmware code, and/or a security version number of the firmware code…The computing device 100 may verify, for example, the cryptographic hash of the firmware code and ensure that the code was signed by a trusted entity (e.g., a processor manufacturer such as Intel® or a manufacturer of the computing device 100), verify the security version number, or verify other information associated with the firmware code)
Moran and Pappachan are in the same analogous art as they are in the same field of endeavor, verifying devices having software.  Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to incorporate Asokan teachings into Moran invention to use utilize include security version number for firmware and use it to verify the firmware as suggested by Pappachan ([0045].)
But, Moran and Pappachan does not teach receive an attestation request from the orchestration edge device; seed a key generation process with a hash of the software update package; generate an attestation key generated using the key generation process; transmit an attestation response to the orchestration edge device to generate an attestation record, wherein the attestation response includes the attestation key and is generated in part using at least one integrity measurement 
However, Asokan teaches
receive an attestation request from the orchestration edge device (Asokan, Fig. 1, p. 3 – p. 4, section “4. PROTOCOL DESCRIPTION”; SEDA has two phases: (1) an off-line phase whereby devices are introduced into the swarm, and (2) an on-line phase performing actual attestation. The off-line phase is executed only once and consists of device initialization and device registration. The on-line phase is executed repeatedly for every attestation request from a verifier VRF. In this phase, each device Di (edge device, orchestration edge device) is attested individually and accumulated attestation is reported to VRF. Figure 1 shows a sample swarm formed initially of seven devices with an eighth device D8 being initialized by the swarm operator OP and joining the swarm. It also shows VRF running an attestation protocol instance…); 
seed a key generation process with a hash of the software update package (Asokan, Fig. 1, p. 3 – p. 4, section “4. PROTOCOL DESCRIPTION”, …Device initialization. Each Di in a swarm S is initialized by the swarm operator OP with a software configuration ci (e.g., a hash digest of software binaries of Di) and a code certificate cert(ci) signed by OP which guarantees that ci is a valid software configuration of Di…Device registration. Whenever Di initially joins S or changes its position it executes join with each new neighbor Dj… An attestation key kij, shared between Di and each neighbor Dj is established during join. The set of attestation keys Di established with its neighbors is denoted Ki.  Key establishment can be done using an authenticated key agreement protocol based on devices’ ski, skj, cert(pki) (hash) and cert(pkj) (hash)… In fact, any key establishment protocol can be used with SEDA as long as it provides integrity of key agreement and secrecy of generated keys. Formally:
i : ski;Dj : skj ;
       *: cert(pki); cert(pkj); cert(ci); cert(cj)]
               [Wingdings font/0xE0][Di : kij ;Dj : kij ].)  cert(ci) == hash of code, see “table 1: Variables and parameters” on p. 3.); 
generate an attestation key generated using the key generation process (Asokan, Fig. 1, p. 3 – p. 4, section “4. PROTOCOL DESCRIPTION”, …Device initialization. Each Di in a swarm S is initialized by the swarm operator OP with a software configuration ci (e.g., a hash digest of software binaries of Di) and a code certificate cert(ci) signed by OP which guarantees that ci is a valid software configuration of Di…Device registration. Whenever Di initially joins S or changes its position it executes join with each new neighbor Dj… An attestation key kij, shared between Di and each neighbor Dj is established during join. The set of attestation keys Di established with its neighbors is denoted Ki.  Key establishment can be done using an authenticated key agreement protocol based on devices’ ski, skj, cert(pki) (hash) and cert(pkj) (hash)… In fact, any key establishment protocol can be used with SEDA as long as it provides integrity of key agreement and secrecy of generated keys. Formally:
Join [Di : ski;Dj : skj ;
       *: cert(pki); cert(pkj); cert(ci); cert(cj)]
               [Wingdings font/0xE0][Di : kij ;Dj : kij ].)  cert(ci) == hash of code, see “table 1: Variables and parameters” on p. 3.);
transmit an attestation response to the orchestration edge device to generate an attestation record (Asokan, Fig. 1, p. 3 – p. 4, “4. PROTOCOL DESCRIPTION”; SEDA has two phases: (1) an off-line phase whereby devices are VRF. In this phase, each device Di (edge device) is attested individually and accumulated attestation (record) is reported to VRF. Figure 1 shows a sample swarm formed initially of seven devices with an eighth device D8 being initialized by the swarm operator OP and joining the swarm. It also shows VRF running an attestation protocol instance…), wherein the attestation response includes the attestation key and is generated in part using at least one integrity measurement  (Asokan, Fig. 1, p. 3 – p. 4, “4. PROTOCOL DESCRIPTION”, …Device initialization. Each Di in a swarm S is initialized by the swarm operator OP with a software configuration ci (e.g., a hash digest of software binaries of Di) and a code certificate cert(ci) signed by OP which guarantees that ci is a valid software configuration of Di…Device registration. Whenever Di initially joins S or changes its position it executes join with each new neighbor Dj… An attestation key kij, shared between Di and each neighbor Dj is established during join. The set of attestation keys Di established with its neighbors is denoted Ki.  Key establishment can be done using an authenticated key agreement protocol based on devices’ ski, skj, cert(pki) (hash) and cert(pkj) (hash)… In fact, any key establishment protocol can be used with SEDA as long as it provides integrity of key agreement and secrecy of generated keys. Formally:
Join [Di : ski;Dj : skj ;
i); cert(pkj); cert(ci); cert(cj)]
               [Wingdings font/0xE0][Di : kij ;Dj : kij ].)  cert(ci) == hash of code, see “table 1: Variables and parameters” on p. 3.)
Moran, Pappachan, and Asokan are in the same analogous art as they are in the same field of endeavor, verifying devices having software.  Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to incorporate Asokan teachings into Moran/Pappachan invention to use Asokan SEDA technique to efficiently attest swarms with dynamic and static topologies as suggested by Asokan (p. 1, abstract.)

Claim 21
Asokan teaches the processing circuitry to perform operations to communicate with an edge device on an edge device network using the attestation record (Asokan, p. 4, section “4.2  Online Phase”; ... Single device attestation. Each attestation protocol instance has a global session identifier q. It is used to construct a spanning tree over the entire swarm…The spanning-tree5 is constructed from the communication graph, where two nodes are connected in the spanning-tree if they are neighbors in the communication graph…Dj attests all its children in this spanning tree.  It then accumulates the attestation results reported by its children, which correspond to the subtrees rooted at each of them, and sends the accumulated result along with an attestation report for itself to its parent Di…) The motivation for incorporating Asokan into Moran/Pappachan is the same as motivation in claim 20.

Claim 22
Moran also teaches the processing circuitry to perform operations to receive the software update package and the software update package manifest from a software update server (Moran, pp. 17 – 18, The following example message flow illustrates the interaction for distributing a firmware image to a device…--…The firmware and manifest are stored on the same Firmware Server), the device receives manifest and software update package from server.

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Moran in view of Pappachan and Asokan as applied to claim 1 above, and further in view of NPL “Network Functions Virtualisation (NFV)  Release 3; Security; Security Management and Monitoring specification” (hereinafter NFV; IDS filed on 05/03/2019; art of the record.)

Claim 2
Moran, Pappachan, and Asokan do not explicitly teach the edge device operates in a multi-access edge computing (MEC) network according to European Telecommunications Standard Institute (ETSI) group specification MEC 003 standard.
However, NFV teaches the edge device operates in a multi-access edge computing (MEC) network according to European Telecommunications Standard Institute (ETSI) group specification MEC 003 standard (NFV; p. 7, section “3.1 Definitions” – p. 8, section “3.2 Abbreviations”; For the purposes of the present document, the terms and definitions given in ETSI GS NFV 003…; p. 33, last full 
Moran, Pappachan, Asokan, and NFV are in the same analogous art as they are in the same field of endeavor, managing devices.  Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to incorporate NFV teachings into Moran/Pappachan/Asokan invention to monitor devices using ETSI technology to limits devices to a trust domain that they can establish trust with as suggested by NFV (p. 33, last full paragraph.)

Claims 8, 13, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Moran in view of Pappachan and Asokan as applied to claims 1, 9, and 14 above, and further in view of Wang (Pub. No. US 2013/0322354 A1; art of the record.)

Claim 8
Moran, Pappachan, and Asokan do not explicitly teach identify that the edge device is in a different domain; and coordinate a synchronization channel with the edge device in the different domain, wherein the software update package manifest is obtained via the synchronization channel.

identify that the edge device is in a different domain (Wang, Figs. 1A – 2; [0023 – 0028] The first electronic device 140 transmits a read request to the second router 170 through the first router 120 when the first electronic device 140 in the first LAN 110 intends to obtain a specific multi-media file of a second electronic device 190 in the second LAN 160 (step S250). The second router 170 returns a text message file to the first router 120 according to the read request (step S260). In which, the text message file includes the second identification number of the second router 170, a specific internal internet address of the second electronic device 190 corresponding to the second router 170, a specific device name of the second electronic device 190 and a file name of the specific multi-media file, and the text message file may be of a eXtensible Markup Language (XML) format. The first router 120 converts the specific internal internet address into an actual external internet address according to the text message file (step S270).  The actual external internet address is composed by a domain name and the file name of the specific multi-media file, and the domain name includes the second identification number corresponding to the second router 170 and the specific device name of the second electronic device 190…Next, the first electronic device 140 (e.g., a multi-media player) connects to the second LAN 160 according to the actual external internet address to play the specific multi-media file (step S280)…); and 
coordinate a synchronization channel with the edge device in the different domain (Wang, Figs. 1A & 1B; [0020] …A first local area network (LAN) 110 is communicated with a second LAN 160 through a wireless network tunnel 150…), wherein the software update package manifest is obtained via the synchronization channel (Wang, Figs. 1A – 2; [0023 – 0028] …Next, the first electronic device 140 (e.g., a multi-media player) connects to the second LAN 160 according to the actual external internet address to play the specific multi-media file (step S280)…)
Moran, Pappachan, Asokan, and Wang are in the same analogous art as they are in the same field of endeavor, managing devices.  Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to incorporate Wang teachings into Moran/Pappachan/Asokan invention to provides a cross-domain multi-media resource identification system which adds a device name of a remote equipment, a unique identification number of a router and a name of a specific multi-media file to a end of a text message file. A local router may convert information included in the text message file into an actual external internet address which is identifiable as suggested by Wang ([0015].)

Claim 13
This limitation is already discussed in claim 8; therefore, it is rejected for the same reasons.

Claim 19
This limitation is already discussed in claim 8; therefore, it is rejected for the same reasons.

Claims 5, 12, 17, 23, and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Moran in view of Pappachan and Asokan as applied to claims 4, 11, 16, and 20 above, and further in view of Thorpe (Pub. No. US 2014/0301548 A1; art of the record.)

Claim 5
Moran teaches 
transmit the software update package associated with the software update package manifest to the edge device (Moran, pp. 17 – 18; firmware is transferred to device.  See picture below); 
initiate a reset of the edge device (Moran, device is rebooted.  See picture below.)

    PNG
    media_image1.png
    434
    624
    media_image1.png
    Greyscale

Asokan teaches counter-sign the device cryptography identity with a key generated (Asokan, Fig. 1, p. 3: Device initialization. Each Di in a swarm S is initialized by the swarm operator OP with a software configuration ci (e.g., a hash digest of software binaries of Di) and a code certificate cert(ci) signed by OP which guarantees that ci is a valid software configuration of Di.3 Furthermore, Di is initialized with a signing key pair (ski; pki) along with an identity certificate cert(pki) signed by OP, guaranteeing that pki belongs to Di…)  Motivation for incorporating into Moran is the same motivation in claim 1.
But, Moran, Pappachan, and Asokan do not explicitly teach 
However, Thorpe teaches the new device cryptography identity with a new key generated in response to the reset of the edge device (Thorpe, [0082 – 0083] In one embodiment, the key generation module 308 also generates a device key.  A device key is a globally unique key…In one embodiment, the device key is known only to the NRM server 101 associated with the device key…In one embodiment, the device key is dynamic. For example, in some embodiments, the key generation module 308 generates a new device key each time at start-up (reset) of the NRM server 101 or after detecting an (un)authorized access and expunging the non-persistent memory of all messages, keys, indexes, etc…)
Moran, Pappachan, Asokan, and Thorpe are in the same analogous art as they are in the same field of endeavor, managing devices.  Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to incorporate Thorpe teachings into Moran/Pappachan/Asokan invention to 

Claim 12
This limitation is already discussed in claim 5; therefore, it is rejected for the same reasons.

Claim 17
This limitation is already discussed in claim 5; therefore, it is rejected for the same reasons.

Claim 23
Moran teaches the installation of the software update package is based receipt of an installation command from the orchestration edge device (Moran, p. 10, An alternative approach is to consider the steps a device has to go through in the course of an update… If the Device has downloaded a new firmware image and is ready to install it, it may need to wait for a trigger from a Communicator to install the firmware update, may trigger the update automatically, or may go through a more complex decision making process to determine the appropriate timing for an update…; pp. 17 – 18, software update is installed) and the memory further comprising instructions that, when executed by the processing circuitry, cause the processing circuitry to perform operations to: 
initiate a reset operation upon completion of installation of the software update package and receipt of a reset command from the orchestration edge device (Moran, device is rebooted.  See picture below.); 

    PNG
    media_image1.png
    434
    624
    media_image1.png
    Greyscale

[
Asokan teaches receive a new device cryptographic identity counter-signed using thekey, wherein the attestation response includes the new device cryptographic identity (Asokan, Fig. 1, p. 3: right column – p. 4: left column, section 4.1; Device initialization. Each Di (edge device) in a swarm S is initialized by the swarm operator OP with a software configuration ci (e.g., a hash digest of software binaries of Di) and a code certificate cert(ci) signed by OP which guarantees that ci is a valid software configuration of Di.3 Furthermore, Di is initialized with a signing key pair (ski; pki) along with an identity certificate cert(pki) signed by OP, guaranteeing that pki belongs to Di…) The motivation for incorporating into Moran is the same motivation in claim 20.
generate a new key in response to the reset operation; 
However, Thorpe teaches 
generate a new key in response to the reset operation (Thorpe, [0082 – 0083] In one embodiment, the key generation module 308 also generates a device key.  A device key is a globally unique key…In one embodiment, the device key is known only to the NRM server 101 associated with the device key…In one embodiment, the device key is dynamic. For example, in some embodiments, the key generation module 308 generates a new device key each time at start-up (reset) of the NRM server 101 or after detecting an (un)authorized access and expunging the non-persistent memory of all messages, keys, indexes, etc…);
a new device cryptographic identity the new (Thorpe, [0082 – 0083] In one embodiment, the key generation module 308 also generates a device key.  A device key is a globally unique key…In one embodiment, the device key is known only to the NRM server 101 associated with the device key…In one embodiment, the device key is dynamic. For example, in some embodiments, the key generation module 308 generates a new device key each time at start-up (reset) of the NRM server 101 or after detecting an (un)authorized access and expunging the non-persistent memory of all messages, keys, indexes, etc…)
Moran, Pappachan, Asokan, and Thorpe are in the same analogous art as they are in the same field of endeavor, managing devices.  Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed 

Claim 24
Asokan teaches perform operations to receive the new device identity from the orchestration edge device (Asokan, Fig. 1, p. 3: right column – p. 4: left column, section “4.1 Offline Phase”; Device initialization. Each Di (edge device) in a swarm S is initialized by the swarm operator OP with a software configuration ci (e.g., a hash digest of software binaries of Di) and a code certificate cert(ci) signed by OP which guarantees that ci is a valid software configuration of Di.3 Furthermore, Di is initialized with a signing key pair (ski; pki) along with an identity certificate cert(pki) signed by OP, guaranteeing that pki belongs to Di…), wherein the new device identity is signed using a current device cryptographic identity (Asokan; Fig. 1, p. 3: right column – p. 4: left column, section “4.1 Offline Phase”; Device initialization. Each Di in a swarm S is initialized by the swarm operator OP with a software configuration ci (e.g., a hash digest of software binaries of Di) and a code certificate cert(ci) signed by OP which guarantees that ci is a valid software configuration of Di.3 Furthermore, Di is initialized with a signing key pair (ski; pki) along with an identity certificate cert(pki) signed by OP, guaranteeing that pki belongs to Di…) The motivation for incorporating into Moran is the same motivation in claim 20.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CUONG V LUU whose telephone number is (571)270-1733.  The examiner can normally be reached on 7:00 AM - 4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hyung S. Sough can be reached on (571) 272-6799.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CUONG V LUU/Examiner, Art Unit 2192                                                                                                                                                                                                        
/S. Sough/SPE, Art Unit 2192