DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
Claims 1, 7-8, 14 and 20 have been amended. Claims 1-20 are currently pending.

Response to Arguments
Applicant’s arguments with respect to claim 1 have been considered but are moot in view of new grounds of rejections. Applicant’s other arguments are based on Applicant's arguments against claim 1.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-5, 8-12 and 14-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Abuelsaad et al., US-20140245394- A1 (hereinafter “Abuelsaad ‘394”) in view of Slater, US-20110321175-A1 (hereinafter “Slater ‘175”) and Lindteigen et al., US-20130191897-A1 (hereinafter “Lindteigen ‘897”).
Per claim 1 (independent):
Abuelsaad ‘394 discloses: A computer-implemented method, comprising: by a processor of a trusted device responsible for evaluating trustworthiness of unknown devices: receiving trust evaluation rules usable to determine whether to authorize unknown devices to access a resource; receiving a request to access the resource and device evaluation attributes from an unknown device; evaluating the trustworthiness of the unknown device based upon the device evaluation attributes using the trust evaluation rules (FIG. 4, [0060], “practiced within any type of networked computing environment 86 (e.g., a cloud computing environment 50) … engine 70 could be loaded on a server or server-capable device that communicates (e.g., wirelessly) with the clients to provide trust-based computing resource authorization functionality … engine 70 (in one embodiment) comprises a rules and/or computational engine that processes a set (at least one) of rules/logic 72 and/or provides trust-based computing resource authorization hereunder” [Emphasis added.]; [0061], ll. 4-12, 21-25, “a request 82 for a candidate computing resource 74 (e.g., a VM) to join the networked computing environment 86; identify a set of authorizing computing resources 76A-N (e.g., VMs) previously joined to the networked computing environment 86; communicate an authorization message 84 to the set of authorizing computing resources 76A-N, the authorization message comprising metadata describing a set of attributes of the candidate computing resource 74 … make an authorization determination for the candidate computing resource 7 4 to join the networked computing environment 86 based on the set of votes (e.g., and optionally on a set of policies 80A-N stored in computer storage device(s) 78A-N)” [Emphasis added.] where the request to join the networked computing environment (access the in response to determining that the unknown device is trustworthy: (i)  ([0061], ll. 27-28, “return a response 90 to the candidate computing resource 74, the response identifying the authorization level.” [Emphasis added.]; [0064], ll. 19-21, “Regardless, system 104 makes an authorization determination with corresponding permission (if authorization is given) in step PS” [Emphasis added.]; FIG. 4, [0061], ll. 9-12, “communicate an authorization message 84 to the set of authorizing computing resources 76A-N, the authorization message comprising metadata describing a set of attributes of the candidate computing resource 74” [Emphasis added.]; FIG. 6, [0065], ll. 2-4, 6-11,  “the message should include some information about VM 200 … The message may also have client location information such as network address, hardware address, geographical location, etc. Still yet, the message may have client dependency information such as message metadata (e.g., identification, time to live (TTL), etc.” [Emphasis added.] where the response that includes the authorization level is sent to the candidate computing resource (unknown device) originated from the set of authorizing computing resources via the computing resource authorization engine (registrar) as FIG. 4. Moreover, the message (device evaluation attributes and identification) that contains information about the candidate computing resource (unknown device) is sent over to the computing resources via the computing resource authorization engine (registrar) as FIG. 4. However, the authorization level does not explicitly teach the credential.).
the evaluating including: (i) performing, for each device evaluation attribute, a binary determination of whether the device evaluation attribute matches a required value for the device evaluation attribute, resulting in a first set of one or more device evaluation attributes that evaluate as true and a second set of one or more device evaluation attributes that  evaluate as false (FIG. 2, [0042], “The data access monitor 202 … one database (not shown in FIG. 2) that stores data accessible to one or more users 210 … determines when the activity of the user 210 corresponds to certain data access events or objects of interest” [Emphasis added.]; [0044], “track the activity of the user 210 based on his or her own historical behavior and/or based on his or her job title or position … a plurality of different event activity profiles, e.g., an individualized profile, a job position profile, a geographic location profile, or the like” [Emphasis added.]; [0049], “monitored data access events include … viewing a record; exporting a record; deleting a record; printing a record; emailing a record; preparing a list of records; creating a new record; and downloading a record”; FIG. 5, [0064], “monitoring user activity in a database system … maintain a respective event score for each monitored data access event” [Emphasis added.]; [0066], “detects and records the occurrence of a monitored data access event ( query task 506), the system adjusts, increments, or otherwise updates the user's set of event scores to reflect the detected event (task 512)” [Emphasis added.]; [0067], “query task 518 may detect when an overall score derived from the updated set of scores exceeds a respective threshold score” [Emphasis added.] where data access events (device evaluation attributes) created by the user 210 (client device) for accessing data in a database are monitored at the data access monitor 202 through which a respective event score is maintained for each monitored data access event. In detail, as FIG. 5 shows, it is determined whether a monitored data access event (device evaluation attribute) is detected or not at task 506 and only if the event is detected, i.e., regarded as true (required value), an event score would increment to reflect the detected 
(ii) adding an associated point value of each device evaluation attribute in the first set of one or more device evaluation attributes that  evaluate as true to an accumulated trust value, and (iii) determining whether the accumulated trust value exceeds a threshold (FIG. 5, [0064], “monitoring user activity in a database system … maintain a respective event score for each monitored data access event” [Emphasis added.]; [0066], “detects and records the occurrence of a monitored data access event ( query task 506), the system adjusts, increments, or otherwise updates the user's set of event scores to reflect the detected event (task 512)” [Emphasis added.]; [0067], “query task 518 may detect when an overall score derived from the updated set of scores exceeds a respective threshold score” [Emphasis added.] where in case the event is detected, which corresponds to the true event, the event score would reflect the detected event by increment a value (associated point value) and an overall score (accumulated trust value) derived from the updated event score is compared to determine whether it exceeds a respective threshold score on which an appropriate course of action may be initiated. Note that the overall score has been accumulated over time because, for example, if a scoring threshold is not met, it would go to the beginning of the process of monitoring user activity (See task 518 at FIG. 5).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Abuelsaad ‘394 with the generation of event scores for monitored data access events by accumulating scores that correspond to true events over time for a comparison into respective threshold score as taught by Slater ‘175 because it would improve an accuracy of detection (less false alarms) for unauthorized, suspicious, illegitimate, illegal, or other defined data access activity by considering detected cases accumulated over time that meet a scoring criteria only [0067].
providing a credential (FIG. 1, [0017], ll. 8-14, “The security entity 140 uses the temporary credential-creating device 160 to create temporary credentials 165 to distribute to new devices 110 in the field. The temporary credentials 165 may include seed keys, or any other type of credential used by a new device 110 as attestation of qualification when attempting to join the secure enclave 120” [Emphasis added.]; FIG. 2, [0020], ll. 1-3, 8-9, “a process 200 to add a new device 110 in FIG. 1 to a secure enclave 120 in FIG. 1 … the existing member 180 in FIG. 1 can vet the new device 110 in FIG. 1.” [Emphasis added.]; [0021], “The existing device 180 in FIG.1 ensures that the new device 110 in FIG.1 is trusted and authorized to join the secure enclave 120 in FIG. 1. Next, the existing device 180 in FIG. 1 determines that the new device 110 in FIG. 1 has an approved purpose 230 to become a member of the secure enclave 120 in FIG.1. Next, the existing device 180 in FIG. 1 installs the necessary software and temporary credential 240 into the new device 110 in FIG. 1.” [Emphasis added.] where the security entity (registrar) creates the temporary credentials and distribute them to new devices (unknown devices) as well as existing devices (trusted devices) as FIG. 1. The new device is trusted and authorized to join the secure enclave by the vetting process of the existing devices and the temporary credential is installed (provided) into the new device.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Abuelsaad ‘394 in view of Slater ‘175 with the provision of credentials as taught by Lindteigen ‘897 because it would add the new devices to a secure enclave without first having to physically interact with the entity responsible for the security of the secure enclave and also enable rapid deployment of new devices, or replenishment of lost or damaged devices in the field without compromising the security of the device or the secure enclave [0005][0006].

Per claim 2 (dependent on claim 1):

Abuelsaad ‘394 discloses: The computer-implemented method of claim 1, where the trusted device comprises one of a plurality of trusted devices, the evaluating is performed by each of the plurality of trusted devices, and ([0061], “a request 82 for a candidate computing resource 74 (e.g., a VM) to join the networked computing environment 86; identify a set of authorizing computing resources 76A-N (e.g., VMs) previously joined to the networked computing environment 86; … receive a set of responses 88 from the set of authorizing computing resources 76A-N, the set of responses comprising a set of votes (e.g., comprising a set of codes having associated voting decisions) … make an authorization determination for the candidate computing resource 7 4 to join the networked computing environment 86 based on the set of votes (e.g., and optionally on a set of policies 80A-N stored in computer storage device(s) 78A-N) … return a response 90 to the candidate computing resource 74, the response identifying the authorization level.” [Emphasis added.] where the set of authorizing computing resources (trusted devices) makes an authorization determination on the basis of the set of votes and the response such as the authorization level is returned to the candidate computing resource (unknown device) in response to it.).
Abuelsaad ‘394 in view of Slater ‘175 does not disclose but Lindteigen ‘897 discloses: the providing of the credential (FIG. 1, [0017], “The security entity 140 uses the temporary credential-creating device 160 to create temporary credentials 165 to distribute to new devices 110 in the field. The temporary credentials 165 may include seed keys, or any other type of credential used by a new device 110 as attestation of qualification when attempting to join the secure enclave 120” [Emphasis added.]; FIG. 2, [0020], “a process 200 to add a new device 110 in FIG. 1 to a secure enclave 120 in FIG. 1 the existing member 180 in FIG. 1 can vet the new device 110 in FIG. 1.” [Emphasis added.]; [0021], “The existing device 180 in FIG.1 ensures that the new device 110 in FIG.1 is trusted and authorized to join the secure enclave 120 in FIG. 1. Next, the existing device 180 in FIG. 1 determines that the new device 110 in FIG. 1 has an approved purpose 230 to become a member of the secure enclave 120 in FIG.1. Next, the existing device 180 in FIG. 1 installs the necessary software and temporary credential 240 into the new device 110 in FIG. 1.” [Emphasis added.]).

Per claim 3 (dependent on claim 1):
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Abuelsaad ‘394 in view of Slater ‘175 does not disclose but Lindteigen ‘897 discloses:  The computer-implemented method of claim 1, where the credential is a temporary credential ([0021], “The existing device 180 in FIG.1 ensures that the new device 110 in FIG.1 is trusted and authorized to join the secure enclave 120 in FIG. 1. Next, the existing device 180 in FIG. 1 determines that the new device 110 in FIG. 1 has an approved purpose 230 to become a member of the secure enclave 120 in FIG.1. Next, the existing device 180 in FIG. 1 installs the necessary software and temporary credential 240 into the new device 110 in FIG. 1.” [Emphasis added.]).

Per claim 4 (dependent on claim 1):
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Abuelsaad ‘394 in view of Slater ‘175 does not disclose but Lindteigen ‘897 discloses:  The computer-implemented method of claim 1, where the credential is obtained by the trusted device from the registrar in response to the trusted device receiving the request to access the resource from the unknown device (FIG. 1, [0017], “The security entity 140 uses the temporary credential-creating device 160 to create temporary credentials 165 to distribute to new devices 110 in the field. The temporary credentials 165 may include seed keys, or any other type of credential used by a new device 110 as attestation of qualification when attempting to join the secure enclave 120” [Emphasis added.]; FIG. 2, [0020], “a process 200 to add a new device 110 in FIG. 1 to a secure enclave 120 in FIG. 1 … the existing member 180 in FIG. 1 can vet the new device 110 in FIG. 1.” [Emphasis added.]; [0021], “The existing device 180 in FIG.1 ensures that the new device 110 in FIG.1 is trusted and authorized to join the secure enclave 120 in FIG. 1. Next, the existing device 180 in FIG. 1 determines that the new device 110 in FIG. 1 has an approved purpose 230 to become a member of the secure enclave 120 in FIG.1. Next, the existing device 180 in FIG. 1 installs the necessary software and temporary credential 240 into the new device 110 in FIG. 1.” [Emphasis added.] where the security entity (registrar) creates the temporary credentials and distribute them to new devices (unknown devices) as well as existing devices (trusted devices) as FIG. 1. The new device is trusted and authorized to join the secure enclave by the vetting process of the existing devices and the temporary credential is installed (provided) into the new device.).

Per claim 5 (dependent on claim 1):
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Abuelsaad ‘394 discloses:  The computer-implemented method of claim 1, where the resource is a network and ([0061], “a request 82 for a candidate computing resource 74 (e.g., a VM) to join the networked computing environment 86” [Emphasis added.]).
the credential ([0021], “The existing device 180 in FIG.1 ensures that the new device 110 in FIG.1 is trusted and authorized to join the secure enclave 120 in FIG. 1. Next, the existing device 180 in FIG. 1 determines that the new device 110 in FIG. 1 has an approved purpose 230 to become a member of the secure enclave 120 in FIG.1. Next, the existing device 180 in FIG. 1 installs the necessary software and temporary credential 240 into the new device 110 in FIG. 1.” [Emphasis added.]).

Per claim 8 (independent):
The limitations of the claim(s) correspond(s) to features of claim 1 and the claim(s) is/are rejected for the reasons detailed with respect to claim 1.

Per claim 9 (dependent on claim 8):
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 discloses the elements detailed in the rejection of claim 8 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 2 and the claim(s) is/are rejected for the reasons detailed with respect to claim 2.

Per claim 10 (dependent on claim 8):
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 discloses the elements detailed in the rejection of claim 8 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 3 and the claim(s) is/are rejected for the reasons detailed with respect to claim 3.

Per claim 11 (dependent on claim 8):

The limitations of the claim(s) correspond(s) to features of claim 4 and the claim(s) is/are rejected for the reasons detailed with respect to claim 4.

Per claim 12 (dependent on claim 8):
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 discloses the elements detailed in the rejection of claim 8 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 5 and the claim(s) is/are rejected for the reasons detailed with respect to claim 5.

Per claim 14 (independent):
The limitations of the claim(s) correspond(s) to features of claim 1 and the claim(s) is/are rejected for the reasons detailed with respect to claim 1.

Per claim 15 (dependent on claim 14):
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 discloses the elements detailed in the rejection of claim 14 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 2 and the claim(s) is/are rejected for the reasons detailed with respect to claim 2.

Per claim 16 (dependent on claim 14):
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 discloses the elements detailed in the rejection of claim 14 above, incorporated herein by reference.


Per claim 17 (dependent on claim 14):
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 discloses the elements detailed in the rejection of claim 14 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 4 and the claim(s) is/are rejected for the reasons detailed with respect to claim 4.

Per claim 18 (dependent on claim 14):
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 discloses the elements detailed in the rejection of claim 14 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 5 and the claim(s) is/are rejected for the reasons detailed with respect to claim 5.

Claim 6, 13 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 as applied to claim 1, 8 and 14 above, and further in view of Amidon et al., US-8726344-B1 (hereinafter “Amidon ‘344”) and Rajakarunanayake et al., US-20150006897-A1 (hereinafter “Rajakarunanayake ‘897”).
Per claim 6 (dependent on claim 1):
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Abuelsaad ‘394 discloses:  The computer-implemented method of claim 1, where the trusted device comprises one of a plurality of trusted devices, and the trusted device is designated as  ([0064], “In step P1, a new VM (VM) 200 requests to join a network … In step P2, system 104 receives the request and parses out relevant metadata in order to determine what VMs 202A-N it should broadcast to in order to allow this VM 200 on the network … In step P4, VMs 202A-N read the message and send back a response with their "vote" indicating: allow…do not allow…abstain…” [Emphasis added.] where the system receives the (access) request (from the unknown device), which triggers the voting request to broadcast (poll) to the plurality of the VMs 202A-N (trusted devices) from which the trust assessment votes are received such as “allow”, “do not allow” or “abstain”. They are collected locally from the VMs 202A-N but no trusted device has been designated as the vote evaluation device.).
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 does not disclose but Amidon ‘344 discloses: the local trust assessment vote of the trusted device being based, at least in part, on the determination of whether the accumulated trust value exceeds the threshold (FIG. 3, [Col. 5], ll.61 – [Col. 6], ll.20, “the trust agent 20 determines the trustworthiness of any device encountered via the communications network 30. The trust agent 20 uses the trust equation 54 to calculate the trust score 34 … If the calculated trust score 34 meets or exceeds the threshold trust score 36, then the trust agent 20 permits whatever function is requested … the trust equation 54 is a function of one or more components or variables … a proximity component P (shown as reference numeral 56), a frequency component F (shown as reference numeral 58), a durational component D (shown as reference numeral 60), a longevity component L (shown as reference numeral 62), and a geographical component G(shown as reference numeral 64).… any combination of these components” [Emphasis added.] where the trust 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 with the calculation of the trust scores for multiple components associated with the device based on threshold trust scores as taught by Amidon ‘344 because it would measure the trustworthiness of an unknown device in a more accurate way by considering multiple device attributes for determining a trust score based on a threshold.
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 and Amidon ‘344 does not disclose but Rajakarunanayake ‘897 discloses: the trusted device is designated as a vote evaluation trusted device and where (FIG. 1, [0010], “The communication system 100 may include a host 120 associated and communicating with a group 130 having member devices 131, 132, 133, and a requester device 160 … the host 120 may communicate with a trusted entity device 170 over a private and/ or secure network, for example, for the purpose of obtaining the electronic authentication” [Emphasis added.]; [0011], “Even though the host 120 has been illustrated as being separate from the member devices 131, 132, 133, any of the member devices 131, 132, 133 may act as the host 120” [Emphasis added.]; [0020], “before granting the request, the host 120 may require each member of the group 130 to approve the request received from the external on the rules of the group 130 that simply require approval from a majority of the existing members; [0024], ”the host 120 may transmit the electronically signed digital document and all of the other information included are associated with the request to the at least one existing member of the group 130“ [Emphasis added.] where if a majority of the existing members (trusted devices) approves the request from the external requester device (unknown device), i.e., the device is trustworthy, the electrically signed digital document is sent right before the request is granted but it does not explicitly teach the credentials. Moreover, since one of the member devices act as the host device (vote evaluation device), the approvals (votes) obtained locally from the member devices is combined with the approval locally collected from the host device.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 and Amidon ‘344 with the use of the majority of votes in the decision of trustworthiness and the designated vote evaluation trusted device as taught by Rajakarunanayake ‘897 because the majority scheme would resolve the conflict that arises when at least one member of the group denies approval of the request and at least one member of the group approves the request [0021]. Also, the authentication would be secured by using the information of the designated vote evaluation trusted device without directly accessing all trusted devices connected to it through the secure network [0013].
Abuelsaad ‘394 in view of Slater ‘175 and Amidon ‘344 and Rajakarunanayake ‘897 does not disclose but Lindteigen ‘897 discloses: the providing of the credential (FIG. 1, [0017], ll. 8-14, “The security entity 140 uses the temporary credential-creating device 160 to create temporary credentials 165 to distribute to new devices 110 in the field. The temporary credentials 165 may include seed keys, or any other type of credential used by a new device 110 as attestation of qualification when attempting a new device 110 in FIG. 1 to a secure enclave 120 in FIG. 1 … the existing member 180 in FIG. 1 can vet the new device 110 in FIG. 1.” [Emphasis added.]; [0021], “The existing device 180 in FIG.1 ensures that the new device 110 in FIG.1 is trusted and authorized to join the secure enclave 120 in FIG. 1. Next, the existing device 180 in FIG. 1 determines that the new device 110 in FIG. 1 has an approved purpose 230 to become a member of the secure enclave 120 in FIG.1. Next, the existing device 180 in FIG. 1 installs the necessary software and temporary credential 240 into the new device 110 in FIG. 1.” [Emphasis added.]).

Per claim 13 (dependent on claim 8):
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 discloses the elements detailed in the rejection of claim 8 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 6 and the claim(s) is/are rejected for the reasons detailed with respect to claim 6.

Per claim 19 (dependent on claim 14):
Abuelsaad ‘394 in view of Slater ‘175 and Lindteigen ‘897 discloses the elements detailed in the rejection of claim 14 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 6 and the claim(s) is/are rejected for the reasons detailed with respect to claim 6.

Allowable Subject Matter
Claims 7 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 
The claims contain the following underlined features which, when combined with other features of the claim, prior art of record failed to anticipate or render obvious at the time of instant invention was filed. Rather, Abuelsaad ‘394 teaches that a new resource (unknown device) provides existing resources (trusted devices) with information about already installed OS and middleware of the new resource only for vouching the new resource, where the software is not granted for a way of joining the new resource into a network while other references are silent as to a provision of software.   
Per claim 7 (dependent on claim 1):
The computer-implemented method of claim 1, where software is provided for secure provisioning of unknown devices as a service in a cloud environment, and where the software provides the unknown devices with an alternate method for provisioning when the unknown devices are outside of a communications domain of a credentialing system for the resource.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANGSEOK PARK whose telephone number is (571)272-4332.  The examiner can normally be reached on Monday-Thursday 7:30-5:30 and Alternate Fridays 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on (571) 272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/SANGSEOK PARK/Examiner, Art Unit 2494                                                                                                                                                                                                        
/Kevin Bechtel/Primary Examiner, Art Unit 2491