DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 07/09/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Terminal Disclaimer
The terminal disclaimer filed on 05/04/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US Patent No: 10419931 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

EXAMINER’S AMENDMENT
3.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Frank V. DeRosa (Reg. No: 43,584) on May 14, 2021. 

CLAIMS
4.	The application has been amended as follows: 

1. (Currently Amended)  A method, comprising:
receiving, by a centralized security system which is configured to operate within a machine-to-machine communication network as a security layer between a plurality of devices operating within the network and a computing system which hosts an application that is utilized by the devices, a digital certificate from a given device requesting access to the computing system, the digital certificate being previously issued to the given device by the centralized security system in response to the given device registering with the centralized security system and being authenticated as a trusted device to operate within the network;
initiating, by the centralized security system, a secured communications channel between the centralized security system and the given device, in response to the centralized security system determining that the digital certificate received from the given device is valid;
receiving, by the centralized security system, a request from the given device over the secured communications channel to access the computing system to perform a requested operation, the received request being encrypted using a session key issued by the centralized security system, and the received request comprising device identifying information of the given device; 
processing, by the centralized security system, the received request to determine if the requested operation is trusted; 
denying, by the centralized security system, the received request to perform the requested operation, in response to determining that the requested operation is not trusted; and
sending, by the centralized security system, the received request to the computing system, in response to the centralized security system determining that the given device is valid based on the device identifying information in the received request and that the requested operation is trusted;
wherein the centralized security system comprises at least one processor operatively coupled to a memory having stored therein program code, wherein the program code is executable by the at least one processor to implement one or more of the above steps. 

2. (Original)  The method of claim 1, wherein the machine-to-machine communication network comprises a wireless sensor network.

3. (Original)  	The method of claim 1, wherein the plurality of devices operating within the network comprise wireless sensor devices.

4. (Original)  	The method of claim 1, comprising determining whether the given device is valid by comparing the device identifying information in the received request against corresponding device identifying information associated with the digital certificate which was received from the given device and deemed valid by the centralized security system.



6. (Original)  	The method of claim 5, comprising invalidating the digital certificate of the given device, which was issued by the centralized security system to the given device, in response to the given device not being validated based on the extracted device identifying information.

7. (Original)  	The method of claim 1, comprising:
registering the centralized security system with the computing system; and
registering the plurality of devices with the centralized security system.

8. (Original)  	The method of claim 7, wherein:
registering the centralized security system with the computing system comprises:
generating, by the centralized security system, a certificate signing request;
transmitting, by the centralized security system, the certificate signing request to the computing system; and
receiving, by the centralized security system, a signed digital certificate which authenticates an identity of the centralized security system and which is utilized to establish secured communications between the centralized security system and the computing system; and
registering the plurality of devices with the centralized security system comprises:

generating, by the centralized security system, a signed digital certificate, which authenticates an identity of the given device as a trusted device, and which is utilized to establish secured communications between the centralized security system and the given device. 

9. (Original)  	The method of claim 1, comprising:
receiving, by the centralized security system, device operational data from the plurality of devices operating within the network, wherein the device operational data comprises at least one of power usage data and resource usage data as reported by the devices operating within the network;
processing, by the centralized security system, the device operational data to detect anomalous behavior of the devices operating within the network; and
preventing, by the centralized security system, a given device from operating within the network in response to detecting that the given device is exhibiting anomalous behavior.

10. (Canceled) 

11. (Original)  	The method of claim 1, comprising:
obtaining, by the centralized security system, a patch from the computing system; and

 
12. (Currently Amended) An article of manufacture comprising a non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code is executable by one or more processors to implement a method comprising: 
receiving, by a centralized security system which is configured to operate within a machine-to-machine communication network as a security layer between a plurality of devices operating within the network and a computing system which hosts an application that is utilized by the devices, a digital certificate from a given device requesting access to the computing system, the digital certificate being previously issued to the given device by the centralized security system in response to the given device registering with the centralized security system and being authenticated as a trusted device to operate within the network;
initiating, by the centralized security system, a secured communications channel between the centralized security system and the given device, in response to the centralized security system determining that the digital certificate received from the given device is valid;
receiving, by the centralized security system, a request from the given device over the secured communications channel to access the computing system to perform a requested operation, the received request being encrypted using a session key issued by the centralized security system, and the received request comprising device identifying information of the given device; 
processing, by the centralized security system, the received request to determine if the requested operation is trusted; 
denying, by the centralized security system, the received request to perform the requested operation, in response to determining that the requested operation is not trusted; and
sending, by the centralized security system, the received request to the computing system, responsive to the centralized security system determining that the given device is valid based on the device identifying information in the received request and that the requested operation is trusted.

13. (Original) The article of manufacture of claim 12, further comprising program code which is executable by the one or more processors for determining whether the given device is valid by comparing the device identifying information in the received request against corresponding device identifying information associated with the digital certificate which was received from the given device and deemed valid by the centralized security system.

14. (Original) The article of manufacture of claim 13, further comprising program code which is  executable by the one or more processors for denying the received request, by the centralized security system, in response to the given device not being validated based on the extracted device identifying information.

15. (Original) The article of manufacture of claim 14, further comprising program code which is executable by the one or more processors for invalidating the digital 

16. (Original) The article of manufacture of claim 12, further comprising program code which is executable by the one or more processors for:
registering the centralized security system with the computing system; and
registering the plurality of devices with the centralized security system.

17. (Original) The article of manufacture of claim 16, wherein:
registering the centralized security system with the computing system comprises:
generating, by the centralized security system, a certificate signing request;
transmitting, by the centralized security system, the certificate signing request to the computing system; and
receiving, by the centralized security system, a signed digital certificate which authenticates an identity of the centralized security system and which is utilized to establish secured communications between the centralized security system and the computing system; and 
registering the plurality of devices with the centralized security system comprises:
receiving, by the centralized security system, a certificate signing request from a given device requesting registration as a trusted device; and
generating, by the centralized security system, a signed digital certificate, which authenticates an identity of the given device as a trusted 

18. (Original) The article of manufacture of claim 12, further comprising program code which is executable by the one or more processors for:
receiving, by the centralized security system, device operational data from the plurality of devices operating within the network, wherein the device operational data comprises at least one of power usage data and resource usage data as reported by the devices operating within the network;
processing, by the centralized security system, the device operational data to detect anomalous behavior of the devices operating within the network; and
preventing, by the centralized security system, a given device from operating within the network in response to detecting that the given device is exhibiting anomalous behavior.

19. (Canceled) 

20. (Currently Amended) A computing device, comprising:
at least one processor; and 
at least one memory device configured to store program code, wherein the program code is executable by the at least one processor to implement a centralized security system which is configured to  operate within a machine-to-machine communication network as a security layer between a plurality of devices operating within the network and a computing 
receiving a digital certificate from a given device requesting access to the computing system, the digital certificate being previously issued to the given device by the centralized security system in response to the given device registering with the centralized security system and being authenticated as a trusted device to operate within the network;
initiating
receiving a request from the given device over the secured communications channel to access the computing system to perform a requested operation, the received request being encrypted using a session key issued by the centralized security system, and the received request comprising device identifying information of the given device; 
 processing the received request to determine if the requested operation is trusted; 
denying the received request to perform the requested operation, in response to determining that the requested operation is not trusted; and
sending the received request to the computing system, in response to the centralized security system determining that the given device is valid based on the device identifying information in the received request and that the requested operation is trusted. 

21. (New) The computing device of claim 20, wherein the centralized security system is further configured to execute a process comprising:

denying the received request in response to the given device not being validated based on the extracted device identifying information.

22. (New) The computing device of claim 21, wherein the centralized security system is further configured to execute a process comprising invalidating the digital certificate of the given device, which was issued by the centralized security system to the given device, in response to the given device not being validated based on the extracted device identifying information.
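The independent claims (1, 12 and 20) and their dependents (4-6, 8, 13-14, 17, 21-22) all recite one control flow: a device presents a certificate that the centralized security system issued at registration; if the certificate is valid a secured channel with a session key is opened; the device's encrypted request carries its identifying information, which is compared against the validated certificate; the requested operation is checked against what the system treats as trusted; and the request is either denied (with the certificate invalidated on an identity mismatch) or forwarded to the computing system. The following Python model is an added illustration of that flow and is not code from the applicant, the examiner or any cited reference. It assumes a hypothetical `CentralizedSecuritySystem` class, an assumed `TRUSTED_OPERATIONS` policy set, HMAC-signed dictionaries standing in for X.509 certificates, and a toy SHA-256 counter-mode cipher with an HMAC tag standing in for TLS; the structure of the checks, not the cryptography, is what it demonstrates.

```python
import hashlib
import hmac
import json
import os
import secrets
from typing import Optional, Tuple

# Assumed policy: the claims leave "trusted operation" open, so this set is a constructed example.
TRUSTED_OPERATIONS = {"post_reading", "read_config"}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256 (stand-in for TLS record encryption)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the session key: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Plaintext, or None when the tag fails (tampered ciphertext or wrong session key)."""
    if len(blob) < 16 + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class CentralizedSecuritySystem:
    """Hypothetical security layer sitting between M2M devices and the application host."""

    def __init__(self) -> None:
        self._ca_key = secrets.token_bytes(32)  # stands in for the system's certificate-signing key
        self._revoked_serials = set()           # certificates invalidated (claims 6 / 22)
        self._sessions = {}                     # session_id -> (device_id, serial, session_key)
        self.forwarded = []                     # requests passed on to the computing system

    def _sign(self, body: dict) -> str:
        return hmac.new(self._ca_key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

    def register_device(self, device_id: str, csr_pubkey: str) -> dict:
        """Claims 8 / 17: accept a device's CSR and issue a signed certificate binding its identity."""
        body = {"device_id": device_id, "serial": secrets.token_hex(8), "pubkey": csr_pubkey}
        return {"body": body, "sig": self._sign(body)}

    def present_certificate(self, cert: dict) -> Optional[Tuple[str, bytes]]:
        """Claim 1, first two steps: validate the certificate, then open a channel with a session key."""
        if not hmac.compare_digest(self._sign(cert["body"]), cert["sig"]):
            return None  # forged or altered certificate
        if cert["body"]["serial"] in self._revoked_serials:
            return None  # certificate was invalidated earlier
        session_id, session_key = secrets.token_hex(8), secrets.token_bytes(32)
        self._sessions[session_id] = (cert["body"]["device_id"], cert["body"]["serial"], session_key)
        return session_id, session_key

    def handle_request(self, session_id: str, ciphertext: bytes) -> str:
        """Claim 1, remaining steps: decrypt, validate device identity, check the operation, deny or forward."""
        session = self._sessions.get(session_id)
        if session is None:
            return "denied:no-session"
        device_id, serial, session_key = session
        plaintext = decrypt(session_key, ciphertext)
        if plaintext is None:
            return "denied:bad-ciphertext"
        request = json.loads(plaintext)
        # Claims 4 / 13: identifying info in the request must match the certificate that opened the channel.
        if request.get("device_id") != device_id:
            # Claims 5-6 / 21-22: deny the request and invalidate that certificate.
            self._revoked_serials.add(serial)
            del self._sessions[session_id]
            return "denied:device-mismatch"
        if request.get("operation") not in TRUSTED_OPERATIONS:
            return "denied:untrusted-operation"
        self.forwarded.append(request)  # hand the validated request to the application host
        return "forwarded"


def device_request(session_key: bytes, device_id: str, operation: str) -> bytes:
    """What a device sends over the secured channel: its identity plus the requested operation."""
    return encrypt(session_key, json.dumps({"device_id": device_id, "operation": operation}).encode())


def run_scenario() -> list:
    """Constructed walk-through covering the accept path and each denial path; returns the outcomes."""
    css = CentralizedSecuritySystem()
    cert = css.register_device("sensor-17", "constructed-pubkey")
    session_id, key = css.present_certificate(cert)
    tampered = device_request(key, "sensor-17", "post_reading")
    tampered = tampered[:-1] + bytes([tampered[-1] ^ 0x01])  # flip one bit of the tag
    outcomes = [
        css.handle_request(session_id, device_request(key, "sensor-17", "post_reading")),
        css.handle_request(session_id, device_request(key, "sensor-17", "factory_reset")),
        css.handle_request(session_id, tampered),
        css.handle_request(session_id, device_request(key, "sensor-99", "post_reading")),
    ]
    outcomes.append("cert-revoked" if css.present_certificate(cert) is None else "cert-still-valid")
    return outcomes


if __name__ == "__main__":
    print(run_scenario())
```

Running the scenario shows the ordering the claims impose: a request is never forwarded unless the certificate verified, the ciphertext authenticated under the issued session key, the embedded device identity matched that certificate, and the operation was on the trusted list; an identity mismatch not only denies the request but revokes the certificate, so a later attempt to re-present it fails.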


Examiner’s Statement of Reasons for Allowance

5.	Claims 1-9, 11-18 and 20-22 are allowed. 
6.	The present invention is directed to systems, methods, and articles of manufacture comprising processor-readable storage media for implementing security for a network environment using a centralized smart security system. For example, a method includes implementing a network comprising a plurality of network devices which collectively generate data that is utilized by a computing system to execute an application, and implementing a centralized security system as a computing node within the network to manage security operations within the network and 
The closest prior art includes the following references: Porambage et al. ("Porambage," "Two-phase authentication protocol for wireless sensor networks in distributed IoT applications," 2014 IEEE Wireless Communications and Networking Conference (WCNC), pages 2728-2733 (Year: 2014)), Khalil et al. ("Khalil," "Wireless Sensor Network for Internet of Things," cs. Nl, June 27, 2016, pages 1-6) and Datta et al. ("Datta," US 20140215207). 
Porambage is directed to a centralized Wireless Sensor Network (WSN) architecture in which a central entity acquires, processes and provides information from sensor nodes. Conversely, in WSN applications in a distributed Internet of Things (IoT) architecture, sensor nodes sense data, process and exchange information, and perform collaboratively with other sensor nodes and end-users. In order to maintain the trustworthy connectivity and the accessibility of distributed IoT, it is important to establish secure links for end-to-end communication with proper authentication. The authors propose an implicit certificate-based authentication mechanism for WSNs in distributed IoT applications. The developed two-phase authentication protocol allows the sensor nodes and the end-users to authenticate each other and initiate secure connections. The proposed protocol supports the resource scarcity of the sensor nodes and the heterogeneity and scalability of the network. The performance and security analysis justify that the proposed scheme is viable to deploy in resource-constrained WSNs. 

Datta is directed to systems and methods for provisioning and managing certificates in a network. In one implementation, a signing certificate is generated by a network device based on a root certificate of the network device. Based on the signing certificate of the network device, a client-device certificate is signed for a client device. The signed client-device certificate is provided to the client device to allow the client device to access a secure service provided by the network device.
For example, none of the cited prior art teaches or suggests the steps of independent claims 1, 12 and 20: receiving, by the centralized security system, a request from the given device over the secured communications channel to access the computing system to perform a requested operation, the received request being encrypted using a session key issued by the centralized security system, and the received request comprising device identifying information of the given device; processing, by the centralized security system, the received request to determine if the requested operation is trusted; denying, by the centralized security system, the received request to perform the requested operation, in response to determining that the requested operation is not trusted; and sending, by the centralized security system, the received request to the computing system, in response to the centralized security system determining that the given device is valid based on the device identifying information in the received request and that the requested operation is trusted; wherein the centralized security system comprises at least one processor operatively coupled to a memory having stored therein 
Therefore, the claims are allowable over the cited prior art. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774.  The examiner can normally be reached on M-F: 8 A.M. to 5 P.M.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status 

/JAMES J WILCOX/           Examiner, Art Unit 2439

/LUU T PHAM/           Supervisory Patent Examiner, Art Unit 2439