DETAILED ACTION
This Office action is in response to a non-provisional utility patent application filed by Applicant on 8/7/2019.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Information Disclosure Statement PTO-1449
The Information Disclosure Statement submitted by applicant on 8/7/2019 has been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-5, 7-8, 10-12, 14-15, 17-19 rejected under 35 U.S.C. 103 as being unpatentable over Czeskis (U.S. Pat. 9,449,160 B1) in view of O’Brien (U.S. Pat. App. Pub. 2008/0235511 A1).
Regarding claim 1, Czeskis discloses: a method comprising: obtaining a registration from a new device (an unassociated device sends a request to a service provider including device information such as make, model, and unique identifier of the unassociated device. Czeskis Fig. 2 and col. 4, ll. 26-33.); providing the new device with an ultrasound token (the service provider receives the request and sends a token to the unassociated device. Czeskis Fig. 2 and col. 4, ll. 34-44.); obtaining a notification from a user device that detected the ultrasound token broadcast from the new device (the unassociated device broadcasts the token via ultrasound. Czeskis Fig. 2, col. 4, ll. 45-51. The associated device detects the broadcast signal from the unassociated device and parse the signal to obtain the token. Czeskis Fig. 2, col. 4, ll. 52-58. The associated device sends the token to the service provider. Czeskis Fig. 2, col. 4, ll. 59-67. The receipt of the token from the associated device amounts to obtaining a notification of the above.); determining a device identity for the new device (the service provider receives the token from the associated device and use the received token to obtain the device information associated with the unassociated device. Czeskis Fig. 2, col. 4, ll. 59-67.); and providing cryptographic information to the new device (the token is sent encrypted or otherwise obfuscated. Czeskis Fig. 2 and col. 4, ll. 34-44.).
Czeskis does not disclose: the cryptographic information enabling the new device to connect to an organizational structure with the device identity.
However, O’Brien does disclose: providing cryptographic information to the new device, the cryptographic information enabling the new device to connect to an organizational structure with the device identity (establishing a communications session between a device agent and a secure access server by encrypting a device identifier for use in authenticating the device agent and sharing the encrypted device identified and symmetric keys to facilitate secure access to the network. O’Brien para. 0012.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art to modify the adding of a user account to an unassociated device my means of sharing an ultrasound token between a service provider, associated device and an unassociated device of Czeskis with the sharing cryptographic information to a new device to assist connection using the device identity based upon the teachings of O’Brien.  The motivation being to secure authentication and verification of a new device for establishing a communication session. O’Brien para. 0012.
Regarding claim 3, Czeskis in view of O’Brien teaches the limitations of claim 1, wherein the notification includes device context for the new device provided by the user device (the service provider receives the token from the associated device and use the received token to obtain the device information associated with the unassociated device. Czeskis Fig. 2, col. 4, ll. 59-67.).  
Regarding claim 4, Czeskis in view of O’Brien teaches the limitations of claim 1, wherein determining the device identity comprises: providing device context to an administrative device; and obtaining the device identity from the administrative device (upon receipt of the token the service provider obtains device information including authorization instructions. Czeskis Fig. 2 and col. 6, ll. 7-16.).  
Regarding claim 5, Czeskis in view of O’Brien teaches the limitations of claim 1, further comprising: obtaining a one-time-password to authenticate the device identity at the new device; and encrypting the one-time-password with a public key associated with the new device to generate the cryptographic information (the key exchange includes a one-time symmetric key exchange that permits the client and device agents to take advantage of the greater speed of symmetric-key encryption for communication. O’Brien para. 0036.).  
Regarding claim 7, Czeskis in view of O’Brien teaches the limitations of claim 1, further comprising: obtaining device information for the new device from a sales portal; and authorizing the device identity for the new device based at least in part on the device information from the sales portal (the service provider correlates the received device information with an indication of the token that it sent to the unassociated device and stores this information in a memory for retrieval. Czeskis col. 34-44.).
Regarding claim 8, Czeskis discloses: an apparatus comprising: a network interface configured to communicate with computing devices across one or more computer networks; a processor coupled to the network interface, the processor configured to: obtain a registration from a new device via the network interface (an unassociated device sends a request to a service provider including device information such as make, model, and unique identifier of the unassociated device. Czeskis Fig. 2 and col. 4, ll. 26-33.); cause the network interface to provide the new device with an ultrasound token (the service provider receives the request and sends a token to the unassociated device. Czeskis Fig. 2 and col. 4, ll. 34-44.); obtain via the network interface, a notification from a user device that detected the ultrasound token broadcast from the new device (the unassociated device broadcasts the token via ultrasound. Czeskis Fig. 2, col. 4, ll. 45-51. The associated device detects the broadcast signal from the unassociated device and parse the signal to obtain the token. Czeskis Fig. 2, col. 4, ll. 52-58. The associated device sends the token to the service provider. Czeskis Fig. 2, col. 4, ll. 59-67. The receipt of the token from the associated device amounts to obtaining a notification of the above.); determine a device identity for the new device (the service provider receives the token from the associated device and use the received token to obtain the device information associated with the unassociated device. Czeskis Fig. 2, col. 4, ll. 59-67.); and cause the network interface to provide cryptographic information to the new device (the token is sent encrypted or otherwise obfuscated. Czeskis Fig. 2 and col. 4, ll. 34-44.).
Czeskis does not disclose: the cryptographic information enabling the new device to connect to an organizational structure with the device identity.
However, O’Brien does disclose: the cryptographic information enabling the new device to connect to an organizational structure with the device identity (establishing a communications session between a device agent and a secure access server by encrypting a device identifier for use in authenticating the device agent and sharing the encrypted device identified and symmetric keys to facilitate secure access to the network. O’Brien para. 0012.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art to modify the adding of a user account to an unassociated device my means of sharing an ultrasound token between a service provider, associated device and an unassociated device of Czeskis with the sharing cryptographic information to a new device to assist connection using the device identity based upon the teachings of O’Brien.  The motivation being to secure authentication and verification of a new device for establishing a communication session. O’Brien para. 0012.
 Regarding claim 10, Czeskis in view of O’Brien teaches the limitations of claim 8, wherein the processor is further configured to obtain device context for the new device from the notification provided by the user device (the service provider receives the token from the associated device and use the received token to obtain the device information associated with the unassociated device. Czeskis Fig. 2, col. 4, ll. 59-67.).  
Regarding claim 11, Czeskis in view of O’Brien teaches the limitations of claim 8, wherein the processor is configured to determine the device identity by: causing the network interface to provide device context to an administrative device; and obtaining the device identity from the administrative device via the network interface (upon receipt of the token the service provider obtains device information including authorization instructions. Czeskis Fig. 2 and col. 6, ll. 7-16.).  
Regarding claim 12, Czeskis in view of O’Brien teaches the limitations of claim 8, wherein the processor is further configured to: obtain a one-time-password to authenticate the device identity at the new device; and encrypt the one-time-password with a public key associated with the new device to generate the cryptographic information (the key exchange includes a one-time symmetric key exchange that permits the client and device agents to take advantage of the greater speed of symmetric-key encryption for communication. O’Brien para. 0036.)  
Regarding claim 14, Czeskis in view of O’Brien teaches the limitations of claim 8, wherein the processor is configured to: obtain via the network interface, device information for the new device from a sales portal; and authorize the device identity for the new device based at least in part on the device information from the sales portal (the service provider correlates the received device information with an indication of the token that it sent to the unassociated device and stores this information in a memory for retrieval. Czeskis col. 34-44.).  
Regarding claim 15, Czeskis discloses: one or more non-transitory computer readable storage media encoded with instructions that, when executed by a processor of an onboarding server, cause the processor to: obtain a registration from a new device (an unassociated device sends a request to a service provider including device information such as make, model, and unique identifier of the unassociated device. Czeskis Fig. 2 and col. 4, ll. 26-33.); provide the new device with an ultrasound token (the service provider receives the request and sends a token to the unassociated device. Czeskis Fig. 2 and col. 4, ll. 34-44.); obtain a notification from a user device that detected the ultrasound token broadcast from the new device (the unassociated device broadcasts the token via ultrasound. Czeskis Fig. 2, col. 4, ll. 45-51. The associated device detects the broadcast signal from the unassociated device and parse the signal to obtain the token. Czeskis Fig. 2, col. 4, ll. 52-58. The associated device sends the token to the service provider. Czeskis Fig. 2, col. 4, ll. 59-67. The receipt of the token from the associated device amounts to obtaining a notification of the above.); determine a device identity for the new device (the service provider receives the token from the associated device and use the received token to obtain the device information associated with the unassociated device. Czeskis Fig. 2, col. 4, ll. 59-67.); and provide cryptographic information to the new device (the token is sent encrypted or otherwise obfuscated. Czeskis Fig. 2 and col. 4, ll. 34-44.).
Czeskis does not disclose: the cryptographic information enabling the new device to connect to an organizational structure with the device identity. 
However, O’Brien does disclose: the cryptographic information enabling the new device to connect to an organizational structure with the device identity (establishing a communications session between a device agent and a secure access server by encrypting a device identifier for use in authenticating the device agent and sharing the encrypted device identified and symmetric keys to facilitate secure access to the network. O’Brien para. 0012.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art to modify the adding of a user account to an unassociated device my means of sharing an ultrasound token between a service provider, associated device and an unassociated device of Czeskis with the sharing cryptographic information to a new device to assist connection using the device identity based upon the teachings of O’Brien.  The motivation being to secure authentication and verification of a new device for establishing a communication session. O’Brien para. 0012.
 Regarding claim 17, Czeskis in view of O’Brien teaches the limitations of claim 15, further comprising instructions operable to cause the processor to obtain from the notification, device context for the new device provided by the user device (the service provider receives the token from the associated device and use the received token to obtain the device information associated with the unassociated device. Czeskis Fig. 2, col. 4, ll. 59-67.).  
Regarding claim 18, Czeskis in view of O’Brien teaches the limitations of claim 15, further comprising instructions operable to cause the processor to determine the device identity by: providing device context to an administrative device; and obtaining the device identity from the administrative device (upon receipt of the token the service provider obtains device information including authorization instructions. Czeskis Fig. 2 and col. 6, ll. 7-16.).  
Regarding claim 19, Czeskis in view of O’Brien teaches the limitations of claim 15, further comprising instructions operable to cause the processor to: obtain a one-time-password to authenticate the device identity at the new device; and encrypt the one-time-password with a public key associated with the new device to generate the cryptographic information (the key exchange includes a one-time symmetric key exchange that permits the client and device agents to take advantage of the greater speed of symmetric-key encryption for communication. O’Brien para. 0036.).

Claims 2, 9, 16 rejected under 35 U.S.C. 103 as being unpatentable over Czeskis in view of O’Brien in view of Ross (U.S. Pat. App. Pub. 2016/0134599 A1).
Regarding claim 2, Czeskis in view of O’Brien teaches the limitations of claim 1, wherein the registration includes a public key associated with the new device (public and private keys are generated in response to successful authentication of the device agent. O’Brien para. 0012.).  
Czeskis in view of O’Brien does not disclose: wherein the registration includes an anonymous identifier.
However, Ross does disclose: wherein the registration includes an anonymous identifier (registration of network devices includes anonymous identifiers in identity stores. Ross para. 0042.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art to modify the adding of a user account to an unassociated device my means of sharing an ultrasound token between a service provider, associated device and an unassociated device of Czeskis with various forms of authentication registration including anonymous identifiers based upon the teachings of Ross. The motivation being to authorize access to each of a plurality of users to a network. Ross para. 0002.
Regarding claim 9, Czeskis in view of O’Brien teaches the limitations of claim 8, wherein the processor is further configured to obtain a public key associated with the new device from the registration (public and private keys are generated in response to successful authentication of the device agent. O’Brien para. 0012.).  
Czeskis in view of O’Brien does not disclose: wherein the processor is further configured to obtain an anonymous identifier.
However, Ross does disclose: wherein the processor is further configured to obtain an anonymous identifier (registration of network devices includes anonymous identifiers in identity stores. Ross para. 0042.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art to modify the adding of a user account to an unassociated device my means of sharing an ultrasound token between a service provider, associated device and an unassociated device of Czeskis with various forms of authentication registration including anonymous identifiers based upon the teachings of Ross. The motivation being to authorize access to each of a plurality of users to a network. Ross para. 0002.
Regarding claim 16, Czeskis in view of O’Brien teaches the limitations of claim 15, further comprising instructions operable to cause the processor to obtain a public key associated with the new device from the registration  (public and private keys are generated in response to successful authentication of the device agent. O’Brien para. 0012.).  
Czeskis in view of O’Brien does not disclose: further comprising instructions operable to cause the processor to obtain an anonymous identifier.
However, Ross does disclose: further comprising instructions operable to cause the processor to obtain an anonymous identifier (registration of network devices includes anonymous identifiers in identity stores. Ross para. 0042.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art to modify the adding of a user account to an unassociated device my means of sharing an ultrasound token between a service provider, associated device and an unassociated device of Czeskis with various forms of authentication registration including anonymous identifiers based upon the teachings of Ross. The motivation being to authorize access to each of a plurality of users to a network. Ross para. 0002. 

Allowable Subject Matter
Claims 6, 13, and 20 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Noble (U.S. Pat. App. Pub. 2008/0141025 A1), maintaining anonymity of user during registration of users on a network; Sprague (U.S. Pat. App. Pub. 2016/0275461 A1), validating unknown network clients and generating trust in new devices prior to acceptance of a transaction; Kusens (U.S. Pat. App. Pub. 2018/0040091 A1), identification and verification of a second device in proximity range using a locally transmitted token. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE M LITTLE whose telephone number is (571) 270-0408.  The examiner can normally be reached on Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/VANCE M LITTLE/Examiner, Art Unit 2493