DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments, see pages 6-21 of Applicant’s Response filed 03/15/2021, with respect to the 35 U.S.C. 103 rejections have been fully considered, but they are note persuasive. 
Applicant argues, on pages 6-7, that Raheman fails to teach that the reservation system assigns the guest a room at a check in process. Examiner respectfully disagrees. Examiner respectfully notes that the claim merely requires “a reservation system that assigns a room to a guest having use of the mobile device.” Examiner notes the relevant portions of Raheman which teach:
The guest however has to activate the digital key by using her mobile phone (Node-IV) to remotely check in 16 the hotel when she arrives at the destination city airport. Such check in is easily effectuated by the mobile phone connecting to the hotel's Communicator Server by a simple click of a button using a standard text messaging or the SMS protocol. The Communicator Server identifies the guest mobile phone either by: a) its telephone number or b) by means of a digital watermark or c) firmware algorithm embedded on its subscriber identity module chip or d) the combination of either of the two or all the three combined. The Communicator Server then assigns a room to the guest depending upon the guest's preferences, and delivers a digital Room Access Code 18 to operate the room door lock and other gadgets within the room.  
 Examiner further notes that node III is clearly indicated in Fig. 1 as “The communicator.” Applicant argues that the server is not part of a reservation system, but Examiner respectfully notes that a server which assigns a guest to a room is within the broadest reasonable interpretation of the term already teaches a reservation server, Raheman merely teaches the modification of such a server such that it may assign a user to a room at their check-in process. Further still Applicant’s argument that only node-II of Raheman can be considered a reservation server is unpersuasive, since each server in Raheman falls within the broadest reasonable interpretation of the term “reservation server” since each is used to assist a hotel goer in reserving a room. Since Sonasath in view of Raheman clearly teaches this element, Applicant’s arguments are found unpersuasive. 
Applicant argues, on pages 7-8 that one of ordinary skill in the art would not be motivated to combine the teachings of Raheman with those of Sonasath. Examiner respectfully disagrees, and notes the clearly articulated motivation to combine Raheman with Sonasath outlined below. Applicant’s argument that for one of ordinary skill in the art to be motivated to combine references, a primary reference must first state a deficiency or problem and a secondary reference must teach the solution to such a problem is without foundation, ignores the rationales set forth in KSR International Co. v. Telefelex Inc., 550 U.S. 398 (2007), and is without application here. Applicant’s arguments are found unpersuasive.
Applicant argues, on pages 9-11 and 17-18, that Bondrup fails to cure the deficiencies of Sonasath in view of Raheman. Examiner respectfully disagrees. Examiner respectfully notes that Applicant mischaracterizes Examiner’s use of the Bondrup reference here. As outlined on pages 6-7 of the Non-Final Rejection mailed 12/14/2020, Bondrup is being used specifically for the modification of Sonasath’s system such that the certificate is “requested” rather than “pushed.” Since such an element is taught by Bondrup, Applicant’s arguments are found unpersuasive. 
Applicant argues, on page 12, that Sonasath fails to teach a cybersecurity certificate. Examiner respectfully disagrees, and notes that the fact that the security certificate taught by Sonasath in paragraph [0054], which comprises access keys, credentials, and is sent via a secure protocol Sonasath’s teachings 
Applicant argues, on page 15, that Bargetzi fails to teach the limitations of claim 12, however, Examiner notes that Sonasath is cited as teaching such elements. Furthermore, Bargetzi is relied upon for claim 11, from which claim 12 depends (and therefore claim 12 is rejected in view of Bargetzi as well). Since Sonasath teaches this element, claim 12 is dependent from claim 11, and since Bargetzi need not teach limitations of claim 12 since such limitations are already taught by Sonsath, Applicant’s arguments are found unpersuasive. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 4, 8, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Sonasath et. al. (U.S. PG Pub. No. 20180084424; hereinafter "Sonasath")  in view of Raheman (U.S. PG Pub. No. 20070176739; hereinafter "Raheman") further in view of Brondrup (U.S. PG Pub. No. 20030208386; hereinafter "Brondrup"). 
As per claim 1, Sonasath teaches:
A guestroom assignment arrangement comprising:
Sonasath teaches a system and method of providing secure access to hotel IOT services through mobile devices. (Sonasath: abstract)
a mobile device;
 Sonasath teaches one or more mobile devices of a client. (Sonasath: paragraph [0027], Fig. 1)
With respect to the following limitation:
a reservation system that assigns a room to a guest having use of the mobile device;
 Sonasath teaches a reservation system in the form of a trusted server used for checking a user in to a hotel room. (Sonasath: paragraph [0005, 52-54], Fig. 9) Sonasath, however, does not appear to teach that the reservation system assigns the guest a room at this check-in process.
Raheman, however, teaches that when a guest uses their mobile phone to communicate with a server node (N-III) at check-in, the node N-III may assign the user a room. (Raheman: paragraph [0019], Fig. 1) Raheman teaches combining the above elements with the teachings of Sonasath for the benefit of bestowing a high level of convenience and control in the hands of the guests, providing seamless 
To the extent that Sonasath in view of Raheman does not explicitly teach that this process is performed prior to arrival, Brondrup teaches this element. Brondrup further teaches that a hotel search and reservation service may book (assign a user a room) a given room for a user and may request the secret key for opening the hotel room door, such that a user will know their room number prior to arriving at the hotel for check-in. (Brondrup: paragraph [0036, 40, 61], Fig. 2, Fig. 8) Brondrup teaches combining the above elements with the teachings of Sonasath in view of Raheman for the benefit of allowing a user to go directly to the room without having to make a check-in at the reception desk of the hotel. (Brondrup: paragraph [0061]) Therefore, before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Brondrup with the teachings of Sonasath to achieve the aforementioned benefits. 
Sonasath in view of Raheman further in view of Brondrup further teaches:
and a certificate requested by the reservation system from a service unit that manages control equipment in the room, to be sent to the reservation system and the control equipment, and a key credential that is pushed to the mobile device for gaining access to the room;
Sonasath further teaches that the trusted server may request a certificate in the form of a user profile generated by a hotel provisioning server 904, wherein the hotel provisioning server may pass the user profile to the mobile device via the trusted server, and may also pass the user profile to control equipment (which manages control equipment in the room) in the form of an IoT gate way 910. (Sonasath: paragraph [0005-7, 48, 52-55], Fig. 8, 9) Raheman further teaches that the server may also push a key credential for gaining access to the room to the mobile device. (Raheman: paragraph [0019], Fig. 1) The motivation to combine Raheman persists.
To the extent that Sonasath does not explicitly teach that the reservation system "requests" a certificate, Brondrup teaches this element. Brondrup teaches that a hotel search and reservation service may process a booking and send a request for a secret key for opening of a hotel room door (Sonasath already teaches a certificate used to control equipment). (Brondrup: paragraph [0036, 40, 41], Fig. 2 showing "booking+request for secret key") Thus, Brondrup teaches the modification of Sonasath such that the trusted server "requests" the certificate in the form of the user profile. It can be seen that each element is taught by either Sonasath in view of Raheman, or by Brondrup. Modifying the teachings of Sonasath such that the certificate is "requested" does not affect the normal functioning of the elements of the claim which are taught by Sonasath in view of Raheman, since the system of Sonasath will operate in the same manner whether they certificate is merely received, or is requested. Because the elements do not affect the normal functioning of each other, the results of their combination would have been predictable. Therefore, before the effective filing date of the claimed invention, it would have been obvious to combine the teachings of Brondrup with the teachings of Sonasath in view of Raheman, since the result is merely a combination of old elements, and, since the elements do not affect the normal functioning of each other, the results of the combination would have been predictable.
and wherein when the guest with the mobile device goes to the room, the mobile device can link up with the control equipment.
 Sonasath further teaches that the guest device may link up with the IoT gateway 910 (the control equipment) to control the various devices in the room. (Sonasath: paragraph [0055], Fig. 9)
As per claim 4, Sonasath in view of Raheman further in view of Brondrup teaches all of the limitations of claim 1, as outlined above. Sonasath in view of Raheman further in view of teaches:
wherein the guest, upon linking the mobile device with the control equipment of the room can, with the mobile device, operate the control equipment in the room such as for one or more items selected from a group comprising lights, HVAC, TV, sound systems, drapes, privacy settings, kitchen appliances, and security equipment.
 Sonasath teaches that the control equipment may allow the user, via their mobile device, to control lights, HVAC, curtains, and door locks and cat's eye (security equipment). (Sonasath: paragraph [0055], Fig. 9)
As per claim 8, Sonasath teaches:
A method for room control using a mobile device, comprising:
 Sonasath teaches a system and method of providing secure access to hotel IOT services through mobile devices. (Sonasath: abstract)
With respect to the following limitation:
 assigning a guest to a room through a reservation system;
 Sonasath teaches a reservation system in the form of a trusted server used for checking a user in to a hotel room. (Sonasath: paragraph [0005, 52-54], Fig. 9) Sonasath, however, does not appear to teach that the reservation system assigns the guest a room at this check-in process.
Raheman, however, teaches that when a guest uses their mobile phone to communicate with a server node (N-III) at check-in, the node N-III may assign the user a room. (Raheman: paragraph [0019], Fig. 1) Raheman teaches combining the above elements with the teachings of Sonasath for the benefit of bestowing a high level of convenience and control in the hands of the guests, providing seamless integration of management and administration of the facility for the owner, and for providing higher customer satisfaction and cost savings. (Raheman: paragraph [0010]) Therefore, before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Raheman with the teachings of Sonasath to achieve the aforementioned benefits.
To the extent that Sonasath in view of Raheman does not explicitly teach that this process is performed prior to arrival, Brondrup teaches this element. Brondrup further teaches that a hotel search and reservation service may book (assign a user a room) a given room for a user and may request the secret key for opening the hotel room door, such that a user will know their room number prior to arriving at the hotel for check-in. (Brondrup: paragraph [0036, 40, 61], Fig. 2, Fig. 8) Brondrup teaches combining the above elements with the teachings of Sonasath in view of Raheman for the benefit of allowing a user 
 Sonasath in view of Raheman further in view of Brondrup further teaches:
requesting a certificate from a management service server with the reservation system;
Sonasath further teaches that the trusted server may request a certificate in the form of a user profile generated by a hotel provisioning server 904, wherein the hotel provisioning server may pass the user profile to the mobile device via the trusted server, and may also pass the user profile to control equipment (which manages control equipment in the room) in the form of an IoT gate way 910. (Sonasath: paragraph [0005-7, 48, 52-55], Fig. 8, 9)
To the extent that Sonasath does not explicitly teach that the reservation system "requests" a certificate, Brondrup teaches this element. Brondrup teaches that a hotel search and reservation service may process a booking and send a request for a secret key for opening of a hotel room door (Sonasath already teaches a certificate used to control equipment). (Brondrup: paragraph [0036, 40, 41], Fig. 2 showing "booking+request for secret key") Thus, Brondrup teaches the modification of Sonasath such that the trusted server "requests" the certificate in the form of the user profile. It can be seen that each element is taught by either Sonasath in view of Raheman, or by Brondrup. Modifying the teachings of Sonasath such that the certificate is "requested" does not affect the normal functioning of the elements of the claim which are taught by Sonasath in view of Raheman, since the system of Sonasath will operate in the same manner whether they certificate is merely received, or is requested. Because the elements do not affect the normal functioning of each other, the results of their combination would have been predictable. Therefore, before the effective filing date of the claimed invention, it would have been obvious to combine the teachings of Brondrup with the teachings of Sonasath in view of Raheman, since the result is 
sending the certificate to control equipment for a room, and to the reservation system;
Sonasath further teaches that the trusted server may request a certificate in the form of a user profile generated by a hotel provisioning server 904, wherein the hotel provisioning server may pass the user profile to the mobile device via the trusted server, and may also pass the user profile to control equipment (which manages control equipment in the room) in the form of an IoT gate way 910. (Sonasath: paragraph [0005-7, 48, 52-55], Fig. 8, 9)
and sending a key credential for access to the room to a mobile device of the guest.
 Sonasath further teaches that the trusted server may request a certificate in the form of a user profile generated by a hotel provisioning server 904, wherein the hotel provisioning server may pass the user profile to the mobile device via the trusted server, and may also pass the user profile to control equipment (which manages control equipment in the room) in the form of an IoT gate way 910. (Sonasath: paragraph [0005-7, 48, 52-55], Fig. 8, 9) Raheman further teaches that the server may also push a key credential for gaining access to the room to the mobile device. (Raheman: paragraph [0019], Fig. 1) The motivation to combine Raheman persists.
Claims 2 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Sonasath in view of Raheman further in view of Brondrup further in view of Soni et. al. (U.S. PG Pub. No. 20160139573; hereinafter "Soni").
As per claim 2, Sonasath in view of Raheman further in view of Brondrup teaches all of the limitations of claim 1, as outlined above. Sonasath in view of Raheman further in view of teaches:
the mobile device and the control equipment contain the same certificates;
 Sonasath further teaches that the certificate in the form of the IoT profile may be sent to both the mobile device and the IoT gateway 910. (Sonasath: paragraphs [0054-55], Fig. 8)
With respect to the following limitation:
and the same certificates enable the mobile device and the control equipment to authenticate each other.
 Sonasath teaches that the certificate in the form of the IoT profile may enable the mobile device to pass an authorization token 906 to establish a secure communication NFC path between the mobile device and the IoT gateway 910. (Sonasath: paragraph [0055])
To the extent that Sonasath in view of Raheman further in view of Brondrup does not explicitly teach a "mutual" authentication, Soni teaches this element. Soni teaches, in the context of using an accessing device 10 to access a building control system, that the accessing device 10 and accessed device may mutually authenticate each other. (Soni: paragraph [0018-19, 46], Fig. 4) Soni teaches combining the above elements with the teachings of Sonasath in view of Raheman further in view of Brondrup for the benefit of overcoming the problems associated with a centralized approach and a distributed approach to building access and control. (Soni: paragraphs [002-10, 11]) Therefore, before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Soni with the teachings of Sonasath in view of Raheman further in view of Brondrup to achieve the aforementioned benefits.
As per claim 6, Sonasath in view of Raheman further in view of Brondrup further in view of Soni teaches all of the limitations of claim 2, as outlined above. Sonasath in view of Raheman further in view of Brondrup further in view of Soni further teaches:
wherein the certificate is a cyber security certificate.
 Sonasath teaches that the profile may comprise access keys and authorization data generated based on user preferences, credentials, and reservation data, and therefore teaches that it may comprise a cyber-security certificate. (Sonasath: paragraph [0054])
Claim 3  rejected under 35 U.S.C. 103 as being unpatentable over Sonasath in view of Raheman further in view of Brondrup further in view of Soni and further in view of Warrick et. al. (U.S. PG Pub. No. 20130346564; hereinafter "Warrick").
As per claim 3, Sonasath in view of Raheman further in view of Brondrup further in view of Soni teaches all of the limitations of claim 2, as outlined above. Sonasath in view of Raheman further in view of Brondrup further in view of Soni does not appear to explicitly teach:
wherein if the guest checks out early from the room or leaves the room for another assigned room, the certificate is invalidated to prevent the guest from establishing an application link with the room checked out from the room or left by the guest having the mobile device.
 Warrick, however, teaches the revocation (by deletion of access rules, which Sonasath teaches may comprise a certificate) of guest access credentials which allow the guest to control one or more devices in a hotel room upon the guest checking out from a hotel room or checking out early from the hotel room. (Warrick: paragraph [0073, 84], Fig. 4) Warrick teaches combining the above elements with the teachings of Sonasath in view of Raheman further in view of Brondrup further in view of Soni for the benefit of allowing a guest to temporarily be able to stream media content to the media devices of the guest's assigned room while being prevented from streaming media content to media devices in other rooms. (Warrick: paragraph [0010]) Therefore, before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Warrick with the teachings of Sonasath in view of Raheman further in view of Brondrup to achieve the aforementioned benefits.
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Sonasath in view of Raheman further in view of Brondrup further in view of Matthieu et. al. (U.S. PG Pub. No. 20180034913; hereinafter "Matthieu").
As per claim 5, Sonasath in view of Raheman further in view of Brondrup teaches all of the limitations of claim 1, as outlined above. With respect to the following limitation:
there is a secure and authenticated link between the service that provides the certificate and the reservation system; 
 Sonasath further teaches that the trusted server may request a certificate in the form of a user profile generated by a hotel provisioning server 904, wherein the hotel provisioning server may pass the user profile to the mobile device via the trusted server, and may also pass the user profile to control equipment (which manages control equipment in the room) in the form of an IoT gate way 910. (Sonasath: paragraph [0005-7, 48, 52-55], Fig. 8, 9) Sonasath, however, does not appear to teach the use of secure authenticated links between these devices.
To the extent that Sonasath in view of Raheman further in view of Brondrup does not explicitly teach that the connections between the certificate service and reservation system, and certificate service and the control equipment comprise secure authenticated connections, Matthieu teaches this element. Matthieu teaches, in the context of controlling IoT devices, that each connection in the system may comprise an SSL connection protocol (a secured, authenticated, link). (Matthieu: paragraph [0183], Fig. 4) Thus, Sonasath, as modified by Matthieu teaches the modification of the system of Sonasath such that each connection may comprise an SSL link. Matthieu teaches combining the above elements with the teachings of Sonasath in view of Raheman further in view of Brondrup for the benefit of securing transport of messages. Id. Therefore, before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Matthieu with the teachings of Sonasath in view of Raheman further in view of Brondrup to achieve the aforementioned benefits.
Sonasath in view of Raheman further in view of Brondrup further in view of Matthieu further teaches:
and there is a secure and authenticated link between the service that provides the certificate and the control equipment of the room.
 Sonasath further teaches that the trusted server may request a certificate in the form of a user profile generated by a hotel provisioning server 904, wherein the hotel provisioning server may pass the user profile to the mobile device via the trusted server, and may also pass the user profile to control equipment (which manages control equipment in the room) in the form of an IoT gate way 910. .
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Sonasath in view of Raheman further in view of Brondrup further in view of Soni and further in view of Davis (U.S. PG Pub. No. 20170041146; hereinafter "Davis").
As per claim 7, Sonasath in view of Raheman further in view of Brondrup further in view of Soni teaches all of the limitations of claim 2, as outlined above. Sonasath in view of Raheman further in view of Brondrup further in view of Soni does not appear to explicitly teach:
wherein the certificate is a crypto random number.
 Davis, however, teaches that a certificate in the form of an access key may comprise a crypto random number. (Davis: paragraphs [0013, 28, 36]) Davis teaches combining the above elements with the teachings of Sonasath in view of Raheman further in view of Brondrup further in view of Soni for the benefit of providing a computationally efficient method of authenticating access to protected resources. (Davis: paragraph [0002]) Therefore, before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Davis with the teachings of Sonasath in view of Raheman further in view of Brondrup further in view of Soni to achieve the aforementioned benefits.
Claims 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Sonasath in view of Raheman further in view of Brondrup further in view of Kumar (U.S. PG Pub. No. 20170005945; hereinafter "Kumar").
As per claim 9, Sonasath in view of Raheman further in view of Brondrup teaches all of the limitations of claim 8, as outlined above. With respect to the following limitation:
wherein the certificate indicates the time period and place for which the certificate is valid.
 Sonasath further teaches that the authorization token and access key within the IoT profile may be time/location bound. (Sonasath: paragraph [0055])
To the extent that Sonasath in view of Raheman further in view of Brondrup does not explicitly teach a time and place for validity of the certificate, Kumar teaches this element. Kumar teaches that a configuration file may be sent to a user device 18 and one or more service devices 10, wherein the configuration file indicates which hotel services (shown in Fig. 7) that the user device is allowed to access. (Kumar: paragraphs [0093-96, 109, 118], Fig. 7, 17) In teaching which services are allowed, Kumar teaches that the place of service may be indicated by the certificate. Id. Further, Kumar teaches that the configuration file may comprise the time of validity for the file. (Kumar: paragraph [0096, 122]) Kumar teaches combining the above elements with the teachings of Sonasath in view of Raheman further in view of Brondrup for the benefit of enabling hospitality industries to provide services to a user in advance of user arrival, obviating the need for a user to scroll through service options to select services, improving guest privacy, and removing the requirement for in-person assistance and other hurdles in an unfamiliar environment. (Kumar: paragraphs [0024-28]) Therefore, before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Kumar with the teachings of Sonasath in view of Raheman further in view of Brondrup to achieve the aforementioned benefits.
As per claim 10, Sonasath in view of Raheman further in view of Brondrup teaches all of the limitations of claim 8, as outlined above. Sonasath in view of Raheman further in view of Brondrup does not appear to explicitly teach:
wherein the certificate indicates attributes that the certificate supports. 
Kumar, however, teaches that a configuration file may be sent to a user device 18 and one or more service devices 10, wherein the configuration file indicates which hotel services (shown in Fig. 7) that the user device is allowed to access. (Kumar: paragraphs [0093-95, 109, 118], Fig. 7, 17) Kumar .
Claims 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Sonasath in view of Raheman further in view of Brondrup further in view of Kumar and further in view of Bargetzi et. al. (U.S. PG Pub. No. 20140074537; hereinafter "Bargetzi").
As per claim 11, Sonasath in view of Raheman further in view of Brondrup further in view of Kumar teaches all of the limitations of claim 10, as outlined above. With respect to the following limitation:
the attributes that the certificate supports comprise lights, HVAC, TV, drapes, sound systems, security components, privacy settings, and kitchen appliances.
 Sonasath teaches that the control equipment may allow the user, via their mobile device, to control lights, HVAC, curtains, and door locks and cat's eye (security equipment and privacy settings). (Sonasath: paragraph [0055], Fig. 9) Kumar further teaches that the attribute may comprise a TV and therefore a sound system as well. (Kumar: paragraph [0095], Fig. 7) Kumar also strongly suggests the control of kitchen appliances, however, figure 7 merely indicates "kitchen". Id.  The motivation to combine Kumar persists.
To the extent that Sonasath in view of Raheman further in view of Brondrup further in view of Kumar does not explicitly teach that the attributes comprise a kitchen appliance and sounds system, Bargetzi teaches this element. Bargetzi teaches a room control system 40 which may control audio video equipment as well as a kitchen appliance in the form of an oven. (Bargetzi: paragraphs [0213, 214], Fig. 
As per claim 12, Sonasath in view of Raheman further in view of Brondrup further in view of Kumar and further in view of Bargetzi teaches all of the limitations of claim 11, as outlined above. Sonasath in view of Raheman further in view of Brondrup further in view of Kumar and further in view of Bargetzi further teaches:
further comprising going to the room with the mobile device, where the mobile device links up with the control equipment of the room.
 Sonasath further teaches that the guest device may link up with the IoT gateway 910 (the control equipment) to control the various devices in the room. (Sonasath: paragraph [0055], Fig. 9)
Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Sonasath in view of Raheman further in view of Brondrup further in view of Kumar further in view of Bargetzi and further in view of Soni. 
As per claim 13, Sonasath in view of Raheman further in view of Brondrup further in view of Kumar further in view of Bargetzi teaches all of the limitations of claim 12, as outlined above. With respect to the following limitation:
wherein the mobile device and the control equipment have the same certificates and thus can mutually authenticate each other.
 Sonasath teaches that the certificate in the form of the IoT profile may enable the mobile device to pass an authorization token 906 to establish a secure communication NFC path between the mobile device and the IoT gateway 910. (Sonasath: paragraph [0055])
To the extent that Sonasath in view of Raheman further in view of Brondrup does not explicitly teach a "mutual" authentication, Soni teaches this element. Soni teaches, in the context of using an accessing device 10 to access a building control system, that the accessing device 10 and accessed device may mutually authenticate each other. (Soni: paragraph [0018-19, 46], Fig. 4) Soni teaches combining the above elements with the teachings of Sonasath in view of Raheman further in view of Brondrup further in view of Kumar and further in view of Bargetzi for the benefit of overcoming the problems associated with a centralized approach and a distributed approach to building access and control. (Soni: paragraphs [002-10, 11]) Therefore, before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Soni with the teachings of Sonasath in view of Raheman further in view of Brondrup further in view of Kumar and further in view of Bargetzi to achieve the aforementioned benefits.
Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Sonasath in view of Raheman further in view of Brondrup further in view of Kumar and further in view of Warrick.
As per claim 14, Sonasath in view of Raheman further in view of Brondrup further in view of Kumar teaches all of the limitations of claim 9, as outlined above. Sonasath in view of Raheman further in view of Brondrup further in view of Kumar does not appear to explicitly teach:
wherein if the guest checks out early or is assigned a different room, the certificate associated with the mobile device of the guest is revoked to prevent the mobile device from establishing an application link with the control equipment of the room.
 Warrick, however, teaches the revocation (by deletion of access rules, which Sonasath teaches may comprise a certificate) of guest access credentials which allow the guest to control one or more devices in a hotel room upon the guest checking out from a hotel room or checking out early from the hotel room. (Warrick: paragraph [0073, 84], Fig. 4) Warrick teaches combining the above elements with .
Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Sonasath in view of Raheman further in view of Brondrup further in view of Kumar and further in view of Caffo et. al. (U.S. PG Pub. No. 20190057323; hereinafter "Caffo").
As per claim 15, Sonasath in view of Raheman further in view of Brondrup further in view of Kumar teaches all of the limitations of claim 10, as outlined above. Sonasath in view of Raheman further in view of Brondrup further in view of Kumar does not appear to explicitly teach:
wherein if the guest opts- in or opts-out of certain attributes during a stay, the certificate associated with the mobile device of the guest is updated to reflect a new set of attributes.
 Caffo, however, teaches that if a user purchases additional services, the user's access permissions may be updated so that they user may access the additional services through their mobile device. (Caffo: paragraph [0053, 77, 135]) Caffo teaches combining the above elements with the teachings of Sonasath in view of Raheman further in view of Brondrup further in view of Kumar for the benefit of enabling upselling of a customer via a mobile device app. (Caffo: paragraph [0135]) Therefore, before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Caffo with the teachings of Sonasath in view of Raheman further in view of Brondrup further in view of Kumar to achieve the aforementioned benefits.
Claim 16  rejected under 35 U.S.C. 103 as being unpatentable over Sonasath in view of Brondrup.
As per claim 16, Sonasath teaches:
A system for room control comprising:
Sonasath teaches a system and method for providing secure access to hotel IOT services through mobile devices. (Sonasath: abstract)
a reservation system;
Sonasath teaches a reservation system in the form of a trusted server used for checking a user in to a hotel room. (Sonasath: paragraph [0005, 52-54], Fig. 9)
control equipment for a room;
Sonasath teaches control equipment for a room in the form of an IoT gateway 910. (Sonasath: paragraph [0055], Fig. 9)
one or more mobile devices;
Sonasath teaches one or more mobile devices of a client. (Sonasath: paragraph [0027], Fig. 1)
and a management service unit;
Sonasath teaches a management service unit in the form of a provisioning server 904. (Sonasath: paragraph [0052-55], Fig. 9)
With respect to the following limitation:
and wherein: the reservation system requests a certificate from the management service unit;
Sonasath further teaches that the trusted server may request a certificate in the form of a user profile generated by a hotel provisioning server 904, wherein the hotel provisioning server may pass the user profile to the mobile device via the trusted server, and may also pass the user profile to control equipment (which manages control equipment in the room) in the form of an IoT gate way 910. (Sonasath: paragraph [0005-7, 48, 52-55], Fig. 8, 9)
To the extent that Sonasath does not explicitly teach that the reservation system "requests" a certificate, Brondrup teaches this element. Brondrup teaches that a hotel search and reservation service may process a booking and send a request for a secret key for opening of a hotel room door (Sonasath 
the certificate is transmitted to the control equipment and the reservation system;
Sonasath further teaches that the trusted server may request a certificate in the form of a user profile generated by a hotel provisioning server 904, wherein the hotel provisioning server may pass the user profile to the mobile device via the trusted server, and may also pass the user profile to control equipment (which manages control equipment in the room) in the form of an IoT gate way 910. (Sonasath: paragraph [0005-7, 48, 52-55], Fig. 8, 9)
and the certificate is pushed by the reservation system to the one or more mobile devices.
 Sonasath further teaches that the trusted server may request a certificate in the form of a user profile generated by a hotel provisioning server 904, wherein the hotel provisioning server may pass the user profile to the mobile device via the trusted server, and may also pass the user profile to control equipment (which manages control equipment in the room) in the form of an IoT gate way 910. (Sonasath: paragraph [0005-7, 48, 52-55], Fig. 8, 9)
Claim 17 is rejected under 35 U.S.C.103 as being unpatentable over Sonasath in view of Brondrup further in view of Raheman.
As per claim 17, Sonasath in view of Brondrup teaches all of the limitations of claim 16, as outlined above. Sonasath in view of Brondrup does not appear to explicitly teach:
wherein a key credential is pushed by the reservation system to the one or more mobile devices for gaining access to the room.
 Raheman, however, teaches that when a guest uses their mobile phone to communicate with a server node (N-III) at check-in, the node N-III may assign the user a room. (Raheman: paragraph [0019], Fig. 1) Raheman further teaches that the server may also push a key credential for gaining access to the room to the mobile device. (Raheman: paragraph [0019], Fig. 1) Raheman teaches combining the above elements with the teachings of Sonasath in view of Brondrup for the benefit of bestowing a high level of convenience and control in the hands of the guests, providing seamless integration of management and administration of the facility for the owner, and for providing higher customer satisfaction and cost savings. (Raheman: paragraph [0010]) Therefore, before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Raheman with the teachings of Sonasath in view of Brondrup to achieve the aforementioned benefits.
Claims 18, 20, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Sonasath in view of Brondrup further in view of Kumar.
As per claim 18, Sonasath in view of Brondrup teaches all of the limitations of claim 16, as outlined above. With respect to the following limitation:
wherein the certificate transmitted to the control equipment informs the control equipment the time and place of the validity of the certificate and attributes supported by the certificate.
 Sonasath further teaches that the authorization token and access key within the IoT profile may be time/location bound. (Sonasath: paragraph [0055])
Kumar, however, teaches that a configuration file may be sent to a user device 18 and one or more service devices 10, wherein the configuration file indicates which hotel services (shown in Fig. 7) that the user device is allowed to access. (Kumar: paragraphs [0093-95, 109, 118], Fig. 7, 17) In teaching which services are allowed, Kumar teaches that the place of service may be indicated by the certificate. Id. Further, Kumar teaches that the configuration file may comprise the time of validity for the file. (Kumar: paragraph [0096, 122]) Kumar teaches combining the above elements with the teachings of Sonasath in view of Brondrup for the benefit of enabling hospitality industries to provide services to a user in advance of user arrival, obviating the need for a user to scroll through service options to select services, improving guest privacy, and removing the requirement for in-person assistance and other hurdles in an unfamiliar environment. (Kumar: paragraphs [0024-28]) Therefore, before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Kumar with the teachings of Sonasath in view of Brondrup to achieve the aforementioned benefits.
As per claim 20, Sonasath in view of Brondrup in view of Kumar teaches all of the limitations of claim 18, as outlined above. Sonasath in view of Brondrup in view of Kumar further teaches:
wherein the control equipment performs checks on commands from the one or more mobile devices.
  Sonasath teaches control equipment for a room in the form of an IoT gateway 910 which may control the one or more devices in the room. (Sonasath: paragraph [0055], Fig. 9) Sonasath, however, does not appear to explicitly teach that the gateway performs checks on commands from the one or more devices. Kumar, however, teaches that a server which manages a number of service devices 10 (which Sonasath teaches may comprise the IoT gateway 910), may receive a configuration file from a user device 18 from a service device 10, check whether the user has access to a given device 10, and then pass instructions in the form of control files 38 back to the service device 10 so that the user device 18 may have access to the service device 10. (Kumar: paragraph [0111]) Thus, Kumar teaches the performance of checks on commands from the one or more mobile devices. The motivation to combine Kumar persists.
As per claim 21, Sonasath in view of Brondrup in view of Kumar teaches all of the limitations of claim 18, as outlined above. Sonasath in view of Brondrup in view of Kumar further teaches:
wherein the control equipment filters attributes sent to the one or more mobile devices.
Sonasath teaches control equipment for a room in the form of an IoT gateway 910 which may control the one or more devices in the room. (Sonasath: paragraph [0055], Fig. 9) Sonasath, however, does not appear to explicitly teach that the gateway filters attributes sent to the one or more mobile devices. Kumar, however, teaches that a server which manages a number of service devices 10 (which Sonasath teaches may comprise the IoT gateway 910), may receive a configuration file from a user device 18 from a service device 10, check whether the user has access to a given device 10, and then pass instructions in the form of control files 38 back to the service device 10 so that the user device 18 may have access to the service device 10. (Kumar: paragraph [0111]) Thus, Kumar teaches the filtering of the one or more attributes which have been sent to the one or more mobile devices, since it allows access to those services which have been pre-booked. The motivation to combine Kumar persists.
Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Sonasath in view of Brondrup in view of Kumar further in view of Warrick.
As per claim 19, Sonasath in view of Kumar in view of Brondrup teaches all of the limitations of claim 18, as outlined above. Sonasath in view of Brondrup in view of Kumar does not appear to explicitly teach:
wherein the control equipment deletes the certificate when the certificate expires. 
Warrick, however, teaches the revocation (by deletion of access rules, which Sonasath teaches may comprise a certificate) of guest access credentials which allow the guest to control one or more devices in a hotel room upon the guest checking out from a hotel room (the expiry of the certificate) or checking out early from the hotel room. (Warrick: paragraph [0073, 84, 131-132], Fig. 4) Warrick teaches combining the above elements with the teachings of Sonasath in view of Brondrup in view of Kumar for the benefit of allowing a guest to temporarily be able to stream media content to the media devices of the .
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EMMETT K WALSH whose telephone number is (571)272-2624.  The examiner can normally be reached on Mon.-Fri. 6 a.m. - 4:45 p.m..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Flynn can be reached on 571-270-3108.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available 






/EMMETT K. WALSH/Examiner, Art Unit 3628