DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Election/Restrictions
Applicant’s election of Claims 1-19 in the reply filed on 05/05/2021 is acknowledged. Because applicant did not distinctly and specifically point out the supposed errors in the restriction requirement, the election has been treated as an election without traverse (MPEP § 818.01(a)).
Claims 20-23 are withdrawn from further consideration.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 10 and 17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 10 and 17 recite the limitation "the custom token”.  There is insufficient antecedent basis for this limitation in the claims.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-2, 11-12 and 18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Birgisson et al. US2017/0223005 hereinafter referred to as Birgisson.
As per claim 1, Birgisson teaches an a cloud service, a method of authenticating an Internet of Things (IoT) device having an IoT device identity to a second service that does not natively support the IoT device identity, the method comprising: receiving, by one or more processors, a request for access to the second service (Birgisson paragraph [0082]-[0083], [0105]-[0106], receiving request for access to resource); 
receiving, by the one or more processors, the IoT device identity (Birgisson paragraph [0055], [0082]-[0083], [0105]-[0106], receiving request which includes device ids); 
validating, by the one or more processors, the IoT device identity using information associated with an IoT account (Birgisson paragraph [0074], [0083], [0091], [0096], [0106], verify device identity with account information); 
generating, by the one or more processors in response to the IoT device identity being valid, an access token usable as a credential for the second service, the token having a valid time window (Birgisson paragraph [0084]-[0085], [0088], [0108], [0111]-[0112], in response to the verified identity, generate token associated with valid time window); and 
providing the access token to the IoT device for use in accessing the second service during the time window without validating a second credential specific to the second service (Birgisson paragraph [0088], [0112], [0122], provide token to device).

As per claim 2, Birgisson teaches the method of claim 1, wherein generating the access token comprises registering the access token with the second service (Birgisson paragraph [0085], [0088], [0108]-[0109], [0123]-[0124], generating token).  
As per claims 11-12, the claims claim a system essentially corresponding to the method claims 1-2 above, and they are rejected, at least for the same reasons.

As per claim 18, Birgisson teaches the system of claim 11, wherein the one or more processors comprise a token minter with access to a cloud IoT token database (Birgisson paragraph [0073], [0085], [0088], token minter).  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3-5 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Birgisson, in view of Gupta et al. US2020/0136825 hereinafter referred to as Gupta.
As per claim 3, Birgisson teaches the method of claim 2.
Birgisson does not explicitly disclose wherein registering access token with second service comprises exchanging a first token for authenticating device with access token from the second service.  
Gupta teaches wherein registering access token with second service comprises exchanging a first token for authenticating device with access token from the second service (Gupta paragraph [0044]-[0045], verify identity token and provide access token of second service).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Birgisson with the teachings of Gupta to include providing 

As per claim 4, Birgisson in view of Gupta teaches the method of claim 3, wherein receiving the IoT device identity comprises receiving the first token, and wherein validating the IoT device identity comprises validating the first token (Birgisson paragraph [0055], [0082]-[0083], [0105]-[0106], iot device id; Gupta paragraph [0044]-[0045], verify identity token).  

As per claim 5, Birgisson in view of Gupta teaches the method of claim 4, wherein the first token is a Java Web Token (Gupta paragraph [0044], jwt).  

As per claim 13, the claim claims a system essentially corresponding to the method claim 3 above, and is rejected, at least for the same reasons.

Claims 6-10 and 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over Birgisson in view of Gupta, and further in view of Frei et al. US2016/0142409 hereinafter referred to as Frei.
As per claim 6, Birgisson in view of Gupta teaches the method of claim 4.
Birgisson in view of Gupta does not explicitly disclose wherein first token is signed with a private key, and wherein information associated with account is a public key of device stored in association with the account.  
Frei teaches wherein first token is signed with a private key, and wherein information associated with account is a public key of device stored in association with the account (Frei paragraph [0069], [0078], token signed with private key and verified with public key).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Birgisson in view of Gupta with the teachings of Frei to include signing token with a private key and verifying the token with a public key because the results 

As per claim 7, Birgisson in view of Gupta teaches the method of claim 3.
Birgisson in view of Gupta does not explicitly disclose further comprising inserting one or more claims into the first token, thereby creating a custom token.  
Frei teaches further comprising inserting one or more claims into the first token, thereby creating a custom token (Frei paragraph [0070]-[0071], token includes claims).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Birgisson in view of Gupta with the teachings of Frei to include providing claims in a token in order to provide identity information and restriction information for the device identity token.

As per claim 8, Birgisson in view of Gupta and Frei teaches the method of claim 7, wherein the one or more claims restrict access of the IoT device to the second service (Birgisson paragraph [0110]-[0111], restrictions; Frei paragraph [0070], restrictions).  

As per claim 9, Birgisson in view of Gupta and Frei teaches the method of claim 8, wherein restricting access comprises limiting a portion of the second service that can be accessed by the IoT device using the access token (Birgisson paragraph [0086]-[0087], [0110]-[0111], restrictions; Frei paragraph [0070], [0088], restrictions).  

As per claim 10, Birgisson in view of Gupta teaches the method of claim 4.
Birgisson in view of Gupta does not explicitly disclose further comprising signing custom token using account.
Frei teaches further comprising signing custom token using account (Frei paragraph [0045], [0069], token signed with private key).


As per claims 14-17, the claims claim a system essentially corresponding to the method claims 7-10 above, and they are rejected, at least for the same reasons.

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Birgisson, in view of Schincariol et al. US2015/0227749 hereinafter referred to as Schincariol.
As per claim 19, Birgisson teaches the system of claim 11.
Birgisson does not explicitly disclose wherein one or more processors are further configured to cache access token for later use.  
Schincariol teaches wherein one or more processors are further configured to cache access token for later use (Schincariol paragraph [0045], cache token).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Birgisson with the teachings of Schincariol to include storing the access token in cache in order to provide future verification of the access token.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959.  The examiner can normally be reached on M-F 8am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/HENRY TSANG/             Primary Examiner, Art Unit 2495