DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 14 and 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Claims 14 and 15 recite the limitations "said token" and “said message”.  There is insufficient antecedent basis for these limitations in the claims.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

Claims 1-15 are rejected under 35 U.S.C. 103 as being unpatentable over Gupta et al. (US Pub. 20190200405 A1)  further in view of Kravitz et al. (US Pub. 20170279620 A1).

Regarding claim 1, Gupta disclose a method for authorization management in a community of connected objects, a master object being determined in said community (para. 1- secure onboarding of Wi-Fi enabled internet of thing (IoT) devices to a wireless network served by one or more wireless access points.), the method comprising: 
receipt, by the master object from a requesting object, of a request to carry out an action concerning: the community of connected objects, or an internal object of the community, the internal object being distinct from the master object (para. 46- At step 202, when the IoT device [130] is turned on, the IoT device [130] may transmit the broadcast/discovery probe request to the access point [120] in the form of transmitting one or more packets in the air which may be captured by the access point [120] wherein the broadcast/discovery probe request includes the unique identifier of the IoT device [130].), 
receipt, by an authentication server that is distinct from the master object, of a list of certified attributes associated with the requesting object (para. 48, para. 27-Table 1), after the list of attributes is verified by the authentication server and a capability of the requesting object is determined based on said list of attributes, (para. 49- At step 208, the onboarding server [110] may transmit one of the configuration setting and the default setting of the IoT device [130] to the access point [120]. The configuration setting may be transmitted to the access point [120] if the IoT device [130] has the status as "On-board" and the default setting may be transmitted to the access point [120] if the IoT device [130] has the status as "Off-board".)
receipt by the master object of an authentication token comprising said capability; transfer of said authentication token to said requesting object by the master object. (para. 50- once the access point [120] receives one of the configuration setting and the default setting from the onboarding server [110], the access point [120] may allow the IoT device [130] to establish the temporary connection with the access point [120] via the wireless network [140] using the default setting; otherwise, the permanent connection may be established between the access point [120] and the IoT device [130] via the wireless network [140] using the configuration setting.)
Gupta does not specifically teach the use of an authentication token comprising a capability.  However, this concept is known and used in the art of IOT provisioning as evidenced by Kravitz (see paras. 33, 44)  and therefore, one skilled in the art would have found it obvious to utilize it in Gupta as a simple alternative to achieve the desirable effect of certifying a new IoT Device’s capabilities/roles/functions.

Regarding claim 2, the combination of Gupta and Kravitz discloses the method according to claim 1, wherein the method further comprises: receipt of said authentication token by the master object; verification by the master object that the authentication token authorizes said action; transmission of a message authorizing said (Gupta-para. 50- At step 210, once the access point [120] receives one of the configuration setting and the default setting from the onboarding server [110], the access point [120] may allow the IoT device [130] to establish the temporary connection with the access point [120] via the wireless network [140] using the default setting; otherwise, the permanent connection may be established between the access point [120] and the IoT device [130] via the wireless network [140] using the configuration setting. For an example, the permanent connection may be established between the IoT device [130A] and the access point [120] via the wireless network [140] using the configuration setting [C-IoT1] as the IoT device [130A] has the status as "On-board". Similarly, the temporary connection may be established between the IoT device [130B] and the access point [120] via the wireless network [140] using the default setting [D-IoT2] as the IoT device [130B] has the status as "Off-board".; Kravitz- para. 44-45)

Regarding claim 3, the combination of Gupta and Kravitz discloses the method according to claim 2, wherein the request to carry out an action concerns the act of joining the community, and wherein the transmission of said message authorizing said action includes a transmission by the master object of a community token relating to said community.  (Gupta- para. 50- At step 210, once the access point [120] receives one of the configuration setting and the default setting from the onboarding server [110], the access point [120] may allow the IoT device [130] to establish the temporary connection with the access point [120] via the wireless network [140] using the default setting; otherwise, the permanent connection may be established between the access point [120] and the IoT device [130] via the wireless network [140] using the configuration setting. For an example, the permanent connection may be established between the IoT device [130A] and the access point [120] via the wireless network [140] using the configuration setting [C-IoT1] as the IoT device [130A] has the status as "On-board". Similarly, the temporary connection may be established between the IoT device [130B] and the access point [120] via the wireless network [140] using the default setting [D-IoT2] as the IoT device [130B] has the status as "Off-board".; Kravitz- para. 9)

Regarding claim 4, the combination of Gupta and Kravitz discloses the method according to claim 3, wherein the method further comprises: upon receipt of said community token by the master object, updating a database stored in the master object in order to add a new member to said community. (Gupta- para. 49-50- At step 208, the onboarding server [110] may transmit one of the configuration setting and the default setting of the IoT device [130] to the access point [120]. The configuration setting may be transmitted to the access point [120] if the IoT device [130] has the status as "On-board" and the default setting may be transmitted to the access point [120] if the IoT device [130] has the status as "Off-board". Following the same example from the Table 1, the onboarding server [110] may transmit the configuration setting [C-IoT1] of the IoT device [130A] to the access point [120] as the IoT device [130A] has the status as "On-board". Similarly, the onboarding server [110] may transmit the default setting [D-IoT2] of the IoT device [130B] to the access point [120] as the IoT device [130B] has the status as "Off-board.  Kravitz- para. 33 )

Regarding claim 5, the combination of Gupta and Kravitz discloses the method according to claim 2, wherein the request to carry out an action concerns the act of communicating with an internal object of the community that is distinct from the master object, and wherein the transmission of said message authorizing said action comprises a transmission by the master object of an object token relating to said internal object. (Gupta- para. 50- At step 210, once the access point [120] receives one of the configuration setting and the default setting from the onboarding server [110], the access point [120] may allow the IoT device [130] to establish the temporary connection with the access point [120] via the wireless network [140] using the default setting; otherwise, the permanent connection may be established between the access point [120] and the IoT device [130] via the wireless network [140] using the configuration setting. For an example, the permanent connection may be established between the IoT device [130A] and the access point [120] via the wireless network [140] using the configuration setting [C-IoT1] as the IoT device [130A] has the status as "On-board". Similarly, the temporary connection may be established between the IoT device [130B] and the access point [120] via the wireless network [140] using the default setting [D-IoT2] as the IoT device [130B] has the status as "Off-board".; Gupta- para. 44)

Regarding claim 6, the combination of Gupta and Kravitz discloses the method according to claim 1, wherein the receipt of the request comes directly from the requesting object. (Gupta- para. 46- At step 202, when the IoT device [130] is turned on, the IoT device [130] may transmit the broadcast/discovery probe request to the access point [120] in the form of transmitting one or more packets in the air which may be captured by the access point [120] wherein the broadcast/discovery probe request includes the unique identifier of the IoT device [130].)

Regarding claim 7, the combination of Gupta and Kravitz discloses the method according to claim 5, wherein the transmission of said message authorizing said action further comprises an address of the internal object. (claim 8- wherein the identifier corresponding to the at least one IoT device [130] comprises one a media access control address, a vendor identifier and a unique identifier.; Kravitz- para. 33, 38)

Regarding claim 8, the combination of Gupta and Kravitz discloses the method according to claim 1, wherein the receipt of the list of certified attributes takes place via the master object. (Gupta- para. 49- At step 208, the onboarding server [110] may transmit one of the configuration setting and the default setting of the IoT device [130] to the access point [120]. The configuration setting may be transmitted to the access point [120] if the IoT device [130] has the status as "On-board" and the default setting may be transmitted to the access point [120] if the IoT device [130] has the status as "Off-board".; Kravitz- para. 44)

Regarding claim 9, the combination of Gupta and Kravitz discloses the method according to claim 1, wherein the receipt of the list of certified attributes takes place via at least one certification server, said certification server having certified at least one attribute of the list of attributes.  (Kravitz- para. 33, 44- attribute authority i.e. certification server)

Regarding claim 10, the combination of Gupta and Kravitz discloses the method according to claim 1, wherein the method further comprises: negotiation between the requesting object and the authentication server in order to define at least one certification server able to certify at least one attribute of the list of attributes. (Kravitz- para. 33, 44- Typically, assignments of limited Iot (LIoT) devices may be reported to, managed or controlled by a control IoT (CIoT) device. Based on the information described above being collected and certified by a CIoT device, an AA could create a digital certificate for each LIoT device with the collected, verified information. For example, such a digital certificate could include a device's unique identifying information, its device type and capabilities. It may also include the LIoT device's relationship to a CIoT device(s), address, installed location, inviter-invitee provisioning process relationships, group membership, manufacture's certification and other information as appropriate. Such certificates may be automatically and continuously updated and maintained throughout the life cycle of the product.)

Regarding claim 11, the combination of Gupta and Kravitz discloses the method according to claim 1, wherein the method further comprises: the requesting object sending a request for certification of at least one attribute, to a certification server. (Kravitz- para. 44)

Regarding claim 12, the rejection of claim 1 is incorporated herein.  Gupta discloses a device able to be connected and to be part of a community of connected objects (para. 1- secure onboarding of Wi-Fi enabled internet of thing (IoT) devices to a wireless network served by one or more wireless access points.), wherein the device comprises: an interface for receiving a message from a requesting object para. 46- At step 202, when the IoT device [130] is turned on, the IoT device [130] may transmit the broadcast/discovery probe request to the access point [120] in the form of transmitting one or more packets in the air which may be captured by the access point [120] wherein the broadcast/discovery probe request includes the unique identifier of the IoT device [130].); a processor adapted for: determining whether said received message comprises an authentication token comprising a capability authorizing an action relating to said device (para. 50- once the access point [120] receives one of the configuration setting and the default setting from the onboarding server [110], the access point [120] may allow the IoT device [130] to establish the temporary connection with the access point [120] via the wireless network [140] using the default setting; otherwise, the permanent connection may be established between the access point [120] and the IoT device [130] via the wireless network [140] using the configuration setting.); if this determination is positive, transmitting said message to a master object of said community, said master object being able to verify the validity of the authentication token, an interface for receiving a response message from said master object; the processor being further adapted for: executing said action relating to said device if said response message comprises an indication that validates said authentication token; transmitting a result of the action to the requesting object. (para. 49-50- At step 208, the onboarding server [110] may transmit one of the configuration setting and the default setting of the IoT device [130] to the access point [120]. The configuration setting may be transmitted to the access point [120] if the IoT device [130] has the status as "On-board" and the default setting may be transmitted to the access point [120] if the IoT device [130] has the status as "Off-board". Once the access point [120] receives one of the configuration setting and the default setting from the onboarding server [110], the access point [120] may allow the IoT device [130] to establish the temporary connection with the access point [120] via the wireless network [140] using the default setting; otherwise, the permanent connection may be established between the access point [120] and the IoT device [130] via the wireless network [140] using the configuration setting.)
Gupta does not specifically teach the use of an authentication token comprising a capability.  However, this concept is known and used in the art of IOT provisioning as evidenced by Kravitz (see paras. 33, 44)  and therefore, one skilled in the art would have found it obvious to utilize it in Gupta as a simple alternative to achieve the desirable effect of certifying a new IoT Device’s capabilities/roles/functions.

Regarding claim 13, the rejection of claim 1 is incorporated herein. Method for executing an action relating to a device, said device being connected and being part of a community of connected objects (para. 1- secure onboarding of Wi-Fi enabled internet of thing (IoT) devices to a wireless network served by one or more wireless access points.), wherein the method comprises: receiving a message from a requesting object (para. 46- At step 202, when the IoT device [130] is turned on, the IoT device [130] may transmit the broadcast/discovery probe request to the access point [120] in the form of transmitting one or more packets in the air which may be captured by the access point [120] wherein the broadcast/discovery probe request includes the unique identifier of the IoT device [130].); determining whether said received message comprises an authentication token comprising a capability authorizing the action relating to said device; if this determination is positive, transmitting said message to a master object of said community, said master object being able to verify the validity of the authentication token; receiving a response message from said master object; executing said action relating to said device if the response message comprises an indication that validates said authentication token; transmitting a result of the action to the requesting object.  (para. 49-50- At step 208, the onboarding server [110] may transmit one of the configuration setting and the default setting of the IoT device [130] to the access point [120]. The configuration setting may be transmitted to the access point [120] if the IoT device [130] has the status as "On-board" and the default setting may be transmitted to the access point [120] if the IoT device [130] has the status as "Off-board". Once the access point [120] receives one of the configuration setting and the default setting from the onboarding server [110], the access point [120] may allow the IoT device [130] to establish the temporary connection with the access point [120] via the wireless network [140] using the default setting; otherwise, the permanent connection may be established between the access point [120] and the IoT device [130] via the wireless network [140] using the configuration setting.)
Gupta does not specifically teach the use of an authentication token comprising a capability.  However, this concept is known and used in the art of IOT provisioning as evidenced by Kravitz (see paras. 33, 44)  and therefore, one skilled in the art would have found it obvious to utilize it in Gupta as a simple alternative to achieve the desirable effect of certifying a new IoT Device’s capabilities/roles/functions.

Regarding claim 14, the rejection of claim 1 is incorporated herein.  Gupta discloses a device able to be connected, wherein the device comprises: an interface for receiving a first message from a master object of a community of connected objects (para. 50- once the access point [120] receives one of the configuration setting and the default setting from the onboarding server [110], the access point [120] may allow the IoT device [130] to establish the temporary connection with the access point [120] via the wireless network [140] using the default setting; otherwise, the permanent connection may be established between the access point [120] and the IoT device [130] via the wireless network [140] using the configuration setting.) said first message containing an authentication token comprising a capability of said device that is determined based on a list of certified attributes (para. 49- At step 208, the onboarding server [110] may transmit one of the configuration setting and the default setting of the IoT device [130] to the access point [120]. The configuration setting may be transmitted to the access point [120] if the IoT device [130] has the status as "On-board" and the default setting may be transmitted to the access point [120] if the IoT device [130] has the status as "Off-board".); an interface for sending a second message to an object of said community, said message containing said token and a request to carry out an action, said action being: a request to join said community or a request to access a service offered by an internal object of said community, the internal object being distinct from the master object (para. 46- At step 202, when the IoT device [130] is turned on, the IoT device [130] may transmit the broadcast/discovery probe request to the access point [120] in the form of transmitting one or more packets in the air which may be captured by the access point [120] wherein the broadcast/discovery probe request includes the unique identifier of the IoT device [130].); an interface for receiving a third message authorizing said action or indicating a result of said action. 
Gupta does not specifically teach the use of an authentication token comprising a capability.  However, this concept is known and used in the art of IOT provisioning as evidenced by Kravitz (see paras. 33, 44)  and therefore, one skilled in the art would have found it obvious to utilize it in Gupta as a simple alternative to achieve the desirable effect of certifying a new IoT Device’s capabilities/roles/functions.

Regarding claim 15, the subject matter claimed pertain to method steps that correspond to the system elements of claim 14 and thus rejected for the same analysis.  Implementing the system would have necessitated carrying through the method steps as recited.    

Regarding claim 16, the combination of Gupta and Kravitz discloses the method according to claim 6, wherein the transmission of said message authorizing said action further comprises an address of the internal object. (claim 8- wherein the identifier corresponding to the at least one IoT device [130] comprises one a media access control address, a vendor identifier and a unique identifier.; Kravitz- para. 33, 38)

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM A CORUM JR whose telephone number is (303)297-4234.  The examiner can normally be reached on Mon. - Fri. 8 AM - 5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/WILLIAM A CORUM JR/Examiner, Art Unit 2433              

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433