DETAILED ACTION
Office Action Summary
Instant application was filed 3/4/2019 with priority to 3/8/2018. Claims 1-20 are pending in the instant application. Claims 1-20 are rejected under 35 USC § 102/103.
Instant office action is in response to applicant’s arguments filed 3/22/2021.
Applicant’s arguments have been considered but are not persuasive. See “Applicant’s Arguments and Examiner’s Response” section below.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Applicant’s Arguments and Examiner’s Response
Applicant’s arguments filed 3/22/2021 have been considered but are not persuasive. Applicant argues that the cited prior art does not teach “the advertisements as including one or more segments of a security certificate, where at least one of the segments of the security certificate identifies an authentication server.” However, the examiner respectfully disagrees, as the claim states an advertisement channel and not an advertisement including … as applicant is arguing (In response to applicant's argument that the references fail to show certain features of applicant's invention, it is noted that the features upon which applicant relies (i.e., advertisement including …) are not recited in 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-7, 9-16 and 18-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Gifford et al. (US Pre-Grant Publication No: 2018/0041484) (Art furnished in IDS dated 5/30/2019), hereinafter referred to as Gifford.

As per claims 1, 10 and 14, Gifford teaches transmitting one or more segments of a security certificate on a wireless advertising channel of a peripheral device, wherein at least one of the segments of the security certificate identifies an authentication server; (Gifford, para [0092]-[0098], [0216]-[0218], [0282], [0357]-[0359] - "once a Key Enclave has been provisioned, it authenticates the services that will be using the enclave to perform cryptographic operations. For example, in some embodiments, X.509 certificates and the TLS protocol are applied to establish authentication and secure channels between enclaves and peripheral services (delegates)"; "the routing service (e.g., Enclave Router Service (ERS)) is a system for discovering Key Enclaves and delegates that are advertising themselves on the internet"; "IP address of the server")
participating in a public key exchange between the peripheral device and a host device by transmitting a signed public key of the peripheral device, wherein the signed public key is signed in the security certificate; and (Gifford, para [0092]-[0098], [0112], [0122], [0357]-[0359] - "each role is encoded in a DNS Subject Alternative Name (SAN) in the X.509 certificate"; "public key hash"; "each {e.g., Enclave, Edge} server presents an x509 Certificate, signed by an organizational CA registered with ERS"; "the organization fingerprint is computed by selecting the public key of the corresponding registered organization CA. In some embodiments, there exists an API method to register an organization with a valid CA certificate presented in a Two-way TLS connection. In some embodiments, the ERS comprises a DNS server maintaining the mapping of ERS DNS names to ephemeral {e.g., Enclave, Edge} IP addresses. In some embodiments, the ERS comprises the ERS DNS name can be of the following exemplary format: "<public key hashin lowercased base62>.<role name>.dns.krypt.co" where the first part is the public key hash of the x509 certificate of this server, the second part is the is the server type {Enclave, Edge, etc.}, and the remaining parts constitute the hostname of the DNS server"; "distributing knowledge of principal's public keys to other principals is accomplished using the 'Web-of-Trust" Public Key Infrastructure (PKI)")
transmitting one or more encrypted messages from the peripheral device to the host device via a first secure connection established based on the public key. (Gifford, para [0174]-[0178], [0357]-[0359] - "the key enclave 2900A communicates with a delegate computer 2900B over a secure channel and both the key enclave 2900A and delegate computer 2900B use cryptography to enforce secrecy and authentication of messages over the channels and the secure channels utilize at least one communication link using wireless data transport. The key enclave 2900A receives a request from a delegate computer 2900B for verification of data and an associated signature at step 2902 and the key enclave verifies the signature using one or more stored public keys at steps 2903 and 2904 and the key enclave returns the result of the verification to the delegate computer over the secure channel").

As per claims 2 and 11, Gifford teaches wherein: the advertising channel is a secondary advertising channel of the peripheral device; the at least one of the segments of the security certificate identifies the authentication server by indicating a network address of the authentication server; and the method further comprises transmitting from the peripheral device a reference to the secondary advertising channel on a primary wireless advertising channel of the peripheral device. (Gifford, para [0092]-[0098], [0216]-[0218], [0352]-[0359])

As per claim 3, Gifford teaches the method of claim 2, wherein: the one or more segments of the security certificate comprise a device identifier for the peripheral device, a public key of the peripheral device, and a digital signature of the authentication server. (Gifford, para [0214], [0253]-[0257], [0343], [0352]-[0359]).

As per claims 4 and 15, Gifford teaches further comprising, in response to receiving from the peripheral device a network address of the authentication server: based on the network address, establishing a second secure connection between the host device and the authentication server; and in response to authenticating the security certificate based on a public key of the authentication server, complete pairing between the peripheral device and the host device. (Gifford, para [0174]-[0178], [0216]-[0218], [0274]-[0275], [0357]-[0359])

As per claims 5, 12 and 19 Gifford teaches, wherein: the public key exchange is performed in response to the host device authenticating the security certificate based on a public key of the authentication server; the public key exchange comprises transmitting a randomly generated key from the host device to the peripheral device; and transmitting the signed public key of the peripheral device is performed in response to receiving the randomly generated key from the host device. (Gifford, para [0092]-[0098], [0124]-[0129], [0235], [0305]-[0307]).

As per claims 6 and 16, Gifford teaches wherein: in response to receiving the one or more segments of the security certificate at the host device, checking a public key database for a public key of the authentication server based on a network address of the authentication server; and in response to failing to locate a public key of the authentication server in the public key database, obtaining the public key of the authentication server by establishing a second secure connection with the authentication server. (Gifford, para [0192]-[0198], [0216]-[0218], [0347]-[0359])

As per claims 7, 13, and 18, Gifford teaches further comprising obtaining the security certificate from the authentication server by: in response to authenticating a security certificate of the authentication server, establishing a second secure connection between the host device and the authentication server; establishing a secure tunnel connection between the peripheral device and the authentication server by relaying, via the host device, messages between the peripheral device and the authentication server; and receiving the security certificate from the authentication server via the secure tunnel connection. (Gifford, para [0092], [0214], [0216]-[0218], [0234]-[0235], [0347]-[0359])

As per claims 9 and 17, Gifford teaches further comprising ceasing communication with the peripheral device in response to one of: failing to authenticate the security certificate based on a public key of the authentication server; failing to authenticate the signed public key based on the security certificate; and failing to authenticate one or more hash values calculated from firmware blocks of the peripheral device, wherein the hash values are received from the peripheral device. (Gifford, para [0176]-[0178], [0221]-[0222], [0345] - "the service cryptographically verifies the self-signed profile signature and rejects the request if the verification fails"; "a delegated device's access may be revoked at any time on the Key Enclave. Upon revocation of a delegated device, the corresponding secure session is terminated and no further operations will be granted").

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Gifford in view of Yamaura et al. (US Pre-Grant Publication No: 2016/0366229 A1) (Art furnished in IDS dated 5/30/2019), hereinafter referred to as Yamaura.

As per claims 8 and 20, Gifford teaches further comprising, at the authentication server: receiving a addresses to the peripheral device; for each block identified in the set of randomly generated (Gifford, para [0073]-[0082], [0092]-[0098], [0109]-[0110], [0124]-[0129], [0192]-[0198], [0216]-[0218], [0225]-[0235], [0347]-[0359])
But Gifford does not explicitly teach firmware.
However, Yamaura does teach firmware (para [0145], [0152]-[0153] - "firmware information includes information (part code) specifying a firmware type, a firmware version"; "authentication information may include, for example, a delivery application server certificate and a public key"; "network setting information includes identification information (an ESSID, a BSSID, or the like) identifying a wireless network"; "When the network setting information is fixed in advance, an SSID may be generated using all or some of a manufacturer, a vehicle type, a serial number (in which a range can be designated), a firmware type, and a firmware version").
It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention to teach firmware as taught by Yamaura in order to provide an authentication method as taught by Gifford capable of improved authentication of specific devices and/or firmware versions. Both Gifford and Yamaura are directed to systems and methods for authentication between devices in conjunction with wireless communication.

Other Art of Record
Bone et al. (US Pre-Grant Publication 2016/0234683) teaches “Method and apparatus for communicating with a machine to machine, M2M, device comprising: deriving at a M2M device using generic bootstrapping architecture, GBA, a first key. Sending a second key to the M2M device protected 
Boone et al. (US Patent 9189225) teaches “Firmware updates for, e.g., thin client devices may be achieved in a seamless, non-disruptive manner using a two-stage firmware loader, including a base loader pre-installed on the device and a caching loader downloaded, by the base loader, from a firmware server and thereafter responsible for downloading and updating other firmware application packages.”

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SIMON P KANAAN whose telephone number is (571)270-3906.  The examiner can normally be reached on M-F (7AM-4PM).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SIMON P KANAAN/Primary Examiner, Art Unit 2492