DETAILED ACTION
	This is in response to the application filed on March 15, 2019 where Claims 1 – 9 were originally filed.  A preliminary amendment was made on March 15, 20219 to eliminate multiple dependency issues for Claims 5, 7, and 8.  Claims 1 – 9, of which Claims 1 and 9 are in independent form, are presented for examination.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on March 15, 2019 was filed before the mailing date of the current action.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 

Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1 – 8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1, claim limitation “public key providing means configured to acquire a first public key unique to the device from a blockchain storing the first public key in association with a first trail unique to the device in response to a query using the first trail” has been evaluated under the three-prong test set forth in MPEP § 2181, subsection I, but the result is inconclusive. Thus, it is unclear whether this limitation should be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because it is unclear if the structure is the blockchain storing the first public key in association with a first trail unique to the device, that the acquiring is in response to a query using the first trail, or generic structure (e.g., generic network interface or CPU w/ instructions).  The boundaries of this claim limitation are ambiguous; therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Furthermore, the corresponding structure is required to be more than simply a general purpose computer or microprocessor. See Aristocrat, 521 F.3d 1328, 1333, (Fed. Cir. 2008).  The corresponding structure for a computer-implemented function must include the algorithm as well as the general purpose computer or microprocessor. See WMS Gaming, Inc., 184 F.3d 1339 (Fed. Cir. 1999). The written description of the specification must at least disclose the algorithm that transforms the general purpose microprocessor to a special purpose computer programmed to perform the disclosed algorithm that performs the claimed function. See Aristocrat, 521 F.3d at 1338. Applicant may express the algorithm in any understandable terms including as a mathematical formula, in prose, in a flow chart, or in any other manner that provides sufficient structure. See Finisar Corp., 523 F.3d 1323, 1340, (Fed. Cir. 2008).

2.	Regarding Claim 1, claim limitation “provisioning data providing means configured to acquire the first public key through the public key providing means and transmit the provisioning data encrypted with the first public key to the device in response to a query using the first trail from the device” has been evaluated under the three-prong test set forth in MPEP § 2181, subsection I, but the result is inconclusive because it is unclear if the applicable structure is the encrypting of the provisioning data with the first public key, being in response to the query using the first trail from the device, or generic structure (e.g., generic network interface or CPU w/ instructions).  The boundaries of this claim limitation are ambiguous; therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
	Furthermore, the corresponding structure is required to be more than simply a general purpose computer or microprocessor. See Aristocrat, 521 F.3d 1328, 1333, (Fed. Cir. 2008).  Detail regarding generic structure in Section 1 is reiterated herein.
Claim 1, claim limitation “provisioning execution means configured to acquire the provisioning data encrypted in response to a query using the first trail to the provisioning data providing means and decrypt the encrypted provisioning data by using the first private key” has been evaluated under the three-prong test set forth in MPEP § 2181, subsection I, but the result is inconclusive because it is unclear if the applicable structure is the decrypting of the encrypted provisioning data with the first private key, being in response to the query using the first trail, or generic structure (e.g., generic network interface or CPU w/ instructions).  The boundaries of this claim limitation are ambiguous; therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Furthermore, the corresponding structure is required to be more than simply a general purpose computer or microprocessor. See Aristocrat, 521 F.3d 1328, 1333, (Fed. Cir. 2008).  Detail regarding generic structure in Section 1 is reiterated herein.
4.	Regarding Claim 2, claim limitation “trail registration means configured to acquire the first trail through registration of the first public key to the blockchain” has been evaluated under the three-prong test set forth in MPEP § 2181, subsection I, but the result is inconclusive because it is unclear if the applicable structure is the registration of the first public key to the blockchain or generic structure (e.g., generic network interface or CPU w/ instructions).  The boundaries of this claim limitation are ambiguous; therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.

5.	Regarding Claim 3, there is further ambiguity regarding “trail invalidation means configured to invalidate the first trail and the first public key in the blockchain,” “reinitialization instruction means configured to transmit a new initial use private key and new device identification data,” “reinitialization means configured to perform storage of the new initial use private key in the secure region, deletion of the first private key from the secure region, storage of the new device identification data in the normal region, deletion of the first trail from the normal region, and request of invalidation of the first trail.”  The claimed boundary of these limitations appear to be generic structure (e.g., generic network interface or CPU w/ instructions). 
Furthermore, the corresponding structure is required to be more than simply a general purpose computer or microprocessor. See Aristocrat, 521 F.3d 1328, 1333, (Fed. Cir. 2008).  Detail regarding generic structure in Section 1 is reiterated herein.
6.	Regarding Claims 4 – 8, the claims are rejected based on their dependency of Claims 1, 2, or 3 and because they do not resolve the ambiguity presented above.
Furthermore, the corresponding structure is required to be more than simply a general purpose computer or microprocessor. See Aristocrat, 521 F.3d 1328, 1333, (Fed. Cir. 2008).  Detail regarding generic structure in Section 1 is reiterated herein.

In response to these rejections, applicant must clarify whether this limitation should be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. 
(a)	Amend the claim to clearly invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, by reciting “means” or a generic placeholder for means, or by reciting “step.” The “means,” generic placeholder, or “step” must be modified by functional language, and must not be modified by sufficient structure, material, or acts for performing the claimed function;
(b)	Present a sufficient showing that 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, should apply because the claim limitation recites a function to be performed and does not recite sufficient structure, material, or acts to perform that function; 
(c)	Amend the claim to clearly avoid invoking 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, by deleting the function or by reciting sufficient structure, material or acts to perform the recited function; or
(d)	Present a sufficient showing that 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, does not apply because the limitation does not recite a function or does recite a function along with sufficient structure, material or acts to perform that function.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1 – 8 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
Claim 1, the claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter.  While the claim recites a device provisioning system, the claimed “means for” limitations are not positively tied to a particular machine that is part of the claimed invention due to the ambiguity indicated above.  Any limitation interpreted under 112(f) cannot be generalized structure, such as a processor and memory.  The structure must have specific components and/or steps that are specific to the claimed limitations.  If the structure comprises a series of steps, the various “means for” limitations, given the broadest reasonable interpretation, can be solely software, which is non-statutory per se.  While the system is for provisioning a device, no specific components within the system are claimed as being part of or as being a device (machine).
8.	Regarding Claims 2 – 8, the claims are rejected based on their dependency of Claim 1 and because they do not provide components that are not solely software.  For example, Claim 8 recited a device authentication server.  However, a server, without further details, can simply be software.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 9 are rejected under 35 U.S.C. 103 as being unpatentable over PGPub. 2011/0258434 (hereinafter “Qiu”), in view of PGPub. 2018/0097635 (hereinafter “Moses”) which has priority to September 30, 2016 via provisional application 62/402226.
9.	Regarding Claim 1, Qiu disclose of a device provisioning system that provides a device with provisioning data for provisioning the device and loads the provisioning data onto the device [Abstract; Para. 0039; PKI/identity generation system provides new PKI data to be provisioned into devices], the device provisioning system comprising:
public key providing means configured to acquire a first public key unique to the device from a (database)
provisioning data providing means configured to acquire the first public key through the public key providing means and transmit the provisioning data encrypted with the first public key to the device in response to a query using the first trail from the device [Para. 0027-28, 0030, 0039, 0044-45; new PKI data (provisioning data) is encrypted with the public key and sent to the respective device], wherein the device includes
a storage unit including 

	Qiu also discloses that hardware security modules may be used to securely store private keys and secure data [Para. 0021].  Qiu, however, does not specifically disclose that the database is a blockchain and that the device comprises a secure region in which the first private key is stored.
	Moses discloses a system and method for binding user/device identities with their associated public keys in a blockchain and using the blockcahin to provision software code in a secure manner [Abstract; Para. 0013].  Moses further discloses that the private keys of each respective device can be stored in a secure wallet, thus the HSMs can be implemented on client devices (device comprises a secure region in which the first private key is stored) [Fig. 1; Para. 0023].  It would have been obvious to one skilled in the art before the effective filing date of the current invention to combine the teachings of Moses with Qiu since both systems use a centralized entity to store public keys for participants in their respective systems.  The combination would enable the Moses system to utilize a blockchain as a database for publishing the public keys of participants of the system.  The motivation to do so is to provide improved security through one or more of source authentication and/or confidentiality since the public key are more reliable within a blockchain [Moses, Para. 0013].
Claim 2, Qiu, in view of Moses, discloses all the limitations of Claim 1 above.  The combination of Qiu and Moses further discloses of comprising trail registration means configured to acquire the first trail through registration of the first public key to the blockchain [Moses; Para. 0027, identity binding request comprising public keys and corresponding identification information], wherein
when, in an initial state in which the device is not provided with the provisioning data, the provisioning data providing means is successful in verification of validity of the device based on the device identification data transmitted from the device while an initial use private key unique to the device [Qiu, Para. 0039; initial PKI/identity data installed at the factory] is stored in the secure region [Moses, Fig. 1; Para. 0023], and device identification data including an initial use public key corresponding to the initial use private key is stored in the normal region [Para. 0036, 0061; storage devices within device], the provisioning data providing means performs
generation of the first private key and the first public key [Qiu; Para. 0045; generate new key pair],
acquisition of the first trail through registration of the first public key to the blockchain by the trail registration means [Moses; Para. 0027, identity binding request comprising public keys and corresponding identification information], and
transmission of initial use data including the first private key and the first trail and encrypted with the initial use public key to the device [Para. 0039; new PKI/identity data, where the new PKI data is encrypted with the initial PKI public key], and

11.	Regarding Claim 3, Qiu, in view of Moses, discloses all the limitations of Claim 2 above.  The combination of Qiu and Moses further discloses:
trail invalidation means configured to invalidate the first trail and the first public key in the blockchain [Moses; Para. 0015; withdrawal of binding]; and
reinitialization instruction means configured to transmit a new initial use private key and new device identification data including a new initial use public key corresponding to the new initial use private key to the device [Qiu, Para. 0045; generating of new PKI data and new ID], wherein the device further includes reinitialization means configured to perform storage of the new initial use private key in the secure region [Moses, Fig. 1; Para. 0023], deletion of the first private key from the secure region [Moses, Fig. 1; Para. 0023], storage of the new device identification data in the normal region, deletion of the first trail from the normal region [Para. 0036, 0061; storage devices within devices], and request of invalidation of the first trail and the first public key in the blockchain to the trail invalidation means [Moses; Para. 0015; withdrawal of binding].
12.	Regarding Claim 4, Qiu, in view of Moses, discloses all the limitations of Claim 3 above.  The combination of Qiu and Moses further discloses that when the provisioning data providing means checks necessity of updating the first trail and the first public key registered to the blockchain and determines that the first trail and the first public key 
generation of a new first private key and a new first public key [Qui; Para. 0045], and acquisition of a new first trail through registration of the new first public key to the blockchain by the trail registration means [Moses; Para. 0027, identity binding request comprising public keys and corresponding identification information],
the new first private key and the new first trail are included in the provisioning data [Qui, Para. 0045], and the provisioning execution means performs storage of the new first private key in the secure region, [Moses, Fig. 1; Para. 0023], deletion of the first private key from the secure region [Moses, Fig. 1; Para. 0023], storage of the new first trail in the normal region, deletion of the first trail from the normal region [Para. 0036, 0061; storage devices within devices], and request of invalidation of the first trail and the first public key in the blockchain to the trail invalidation means [Moses; Para. 0015; withdrawal of binding].
13.	Regarding Claim 5, Qiu, in view of Moses, discloses all the limitations of Claim 1 above.  Moses further discloses that the provisioning data includes a program file configured to operate on the device [Para. 0013; can also be used to provision software code update modules].
14.    Regarding Claim 6, Qiu, in view of Moses, discloses all the limitations of Claim 5 above.  The combination of Qiu and Moses further discloses that the program file is a program file for activation of the device [Moses; Para. 0013], and the provisioning execution means acquires the provisioning data at activation of the device [Para. 0039; 
15.	Regarding Claim 7 Qiu, in view of Moses, discloses all the limitations of Claim 1 above.  The combination of Qiu and Moses further discloses that the blockchain also stores a second trail and a second public key in association with each other [Moses; Para. 0031; additional public keys associated with different entities],
the provisioning data providing means performs the encryption of the provisioning data provided with an electronic signature based on a second private key corresponding to the second public key [Moses; Para. 0028],
the normal region also stores the second trail [Para. 0036, 0061; storage devices within devices], and
the provisioning execution means performs acquisition of the second public key through a query using the second trail to the public key providing means, and verification of the electronic signature based on the second private key by using the second public key [Moses; Para. 0028, 0031].
16.	Regarding Claim 8, Qiu, in view of Moses, discloses all the limitations of Claim 1 above.  Qiu further discloses of:
a device authentication server including the public key providing means [Para. 0045; new data generation module checks whitelist for the device ID and retrieves new PKI data]; and 
a provisioning server including the provisioning data providing means [Para. 0030; update server].
Claim 9, Qiu discloses of a provisioning method of providing a device with provisioning data for provisioning the device and loading the provisioning data onto the device [Abstract; Para. 0039; PKI/identity generation system provides new PKI data to be provisioned into devices], wherein the device includes a storage unit including:

a normal region in which a first trail unique to the device 
acquiring the first public key 
encrypting the provisioning data with the first public key and transmitting the encrypted provisioning data to the device [Para. 0027-28, 0030, 0039, 0044-45; new PKI data (provisioning data) is encrypted with the public key and sent to the respective device]; and
decrypting, by the device, the encrypted provisioning data by using the first private key [Para. 0027-28, 0039; in response to the request, new PKI data is decrypted with the appropriate private key within the device].
	Qiu also discloses that hardware security modules may be used to securely store private keys and secure data [Para. 0021].  Qiu, however, does not specifically disclose 
	Moses discloses a system and method for binding user/device identities with their associated public keys in a blockchain and using the blockcahin to provision software code in a secure manner [Abstract; Para. 0013].  Moses further discloses that the private keys of each respective device can be stored in a secure wallet, thus the HSMs can be implemented on client devices (device comprises a secure region in which the first private key is stored) [Fig. 1; Para. 0023].  It would have been obvious to one skilled in the art before the effective filing date of the current invention to combine the teachings of Moses with Qiu since both systems use a centralized entity to store public keys for participants in their respective systems.  The combination would enable the Moses system to utilize a blockchain as a database for publishing the public keys of participants of the system.  The motivation to do so is to provide improved security through one or more of source authentication and/or confidentiality since the public key are more reliable within a blockchain [Moses, Para. 0013].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
PGPub. 2018/0183587 – system and method for updating and recording public keys for IoT devices within a blockchain;
PGPub. 2013/0219381 – system and method for downloading applications encrypted with device specific public keys;
PGPub. 2018/0254898 – system and method registering a device’s public key.
Contacts
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tae K. Kim, whose telephone number is (571) 270-1979.  The examiner can normally be reached on Monday - Friday (10:00 AM - 6:30 PM EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on (571) 272-4006.  The fax phone number for submitting all Official communications is (703) 872-9306.  The fax phone number for submitting informal communications such as drafts, proposed amendments, etc., may be faxed directly to the examiner at (571) 270-2979.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free).

/TAE K KIM/Tae K. Kim
Primary Examiner, Art Unit 2492