DETAILED ACTION
This non-final office action is in response to claims 1-15 filed on 01/30/2019 for examination. Claims 1-15 are being examined and are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05/28/2019, 09/23/2020, 05/10/2021, and 05/18/2021 have been considered by the examiner. 

Restriction Election
Applicant’s election without traverse of claims 1-15 in the reply filed 04/30/2021 is acknowledged.

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: “755” (See Fig. 7).  Corrected 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim(s) 7-8 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Particularly:
Claim 7 recites the limitations “the network-connected device” and "the identity" in line 4.  There is insufficient antecedent basis for such limitations in the claim.
Claim 8 recites the limitation “the monitoring agent" in line 3.  There is insufficient antecedent basis for this limitation in the claim.


Consideration Under 35 USC § 101
Note: The claims have been considered and analyzed by the Examiner under 35 USC § 101 with respect to statutory category and the abstract idea (and judicially recognized exceptions), and appear to recite a form of subject matter statutorily compliant with § 101.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-5 and 8-13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lau et al. (US20150121070, Hereinafter “Lau”) in view of Lee (US20100042835, Hereinafter “Lee”) and Dong et al. (US20180285555, Hereinafter “Dong”).
Regarding claim 1, Lau teaches a computing platform for establishing a secure communication pathway with a device ([0009-010] – transmissions between devices protected using encryption <i.e., secure communication established>), the computing platform comprising: 
one or more memory storage areas ([0009-010] – processors with memory used to perform system); and one or more processors collectively configured ([0009-010] – processors with memory used to perform system) to: 
receive device data comprising a unique machine identifier corresponding to the device and a first public cryptography key generated [[by the device]] ([0011] – request for firmware is sent to ; and 
generate a device-specific installation package ([0023] and [0038] – token is embedded in a firmware package and encrypted <i.e., the device’s installation package created>; [0034] – embedded token is a unique string of characters unique to the device <i.e., package is device specific>) comprising: 
the unique machine identifier ([0023] and [0038] – token is included in the firmware package; [0034] – the token is a unique string of characters unique to the device <i.e., unique machine identifier>); and 
a device agent ([0008-009], and [0026] – device firmware included in firmware package, and installed to update or provide services on the device <i.e., firmware is a device agent>); 
encrypt the device-specific installation package via the first public cryptography key ([0038] – firmware package <i.e., device specific installation package, see, e.g., [0034] with [0038]> encrypted using the public key and transmitted to the device); 
provide the device-specific installation package to the device ([0038] – firmware package <i.e., device specific installation package, see, e.g., [0034] with [0038]> encrypted using the public key and transmitted to the device).
While Lau further discloses providing an installation package and establishing secure communication pathways using encryption (see, e.g., [0024], [0026]), Lau appears to fail to specifically disclose the package comprising a second public cryptography key generated by the one or more processors as a part of a second public-private cryptography key pair; an executable installation script configured to cause the device to install the device agent and to initiate a secure communication connection between the device and the computing platform by passing a message encrypted with the second public cryptography key back to the computing platform; establish a secure communication Lau further appears to fail to specifically disclose the first public cryptography of the device is generated by the device.
However, Lee teaches a system for providing an installation package and establishing secure communication pathways using encryption (see, e.g., abstract, [0030]), with the installation package comprising a second public cryptography key generated by the one or more processors as a part of a second public-private cryptography key pair ([0030] – software package to be installed on the receiving terminal 110 includes an RSA public cryptography key <i.e., is part of a public-private cryptography key pair>; [0002] – system uses standard computing systems <i.e., provided via processors>); 
an executable installation script configured to cause the device to install the device agent and to initiate a secure communication connection between the device and the computing platform by passing a message encrypted with the second public cryptography key back to the computing platform ([0030] – RSA public key is contained within a software package and sent to the receiving terminal. Receiving terminal installs the device program included in the software package and sends a response message to the providing server. The RSA public key contained within the software package is used to encrypt the response message, which establishes secure communication); and
establish a secure communication pathway with the device upon receipt of the encrypted message from the device ([0030] – RSA public key is contained within a software package and sent to the receiving terminal. Receiving terminal installs the device program included in the software package and sends a response message to the providing server. The RSA public key contained within the software package is used to encrypt the response message, which enables secure communication).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Lau with the teachings of Lee, wherein the device specific installation package comprises a second public cryptography key generated by the one or more processors as a part of a second public-private cryptography key pair; an executable installation script Lee at [0005] and [0030]).
While the combination of Lau and Lee teach writing a public key in the device at the time of manufacture for use in encryption (see, e.g., [0023], [0025]), the combination of Lau and Lee appear to fail to specifically disclose wherein the public key is generated by the device.
However, Dong further teaches known manufacturing process for generating keys during manufacture, wherein the device generates the key pair (see [0043]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau and Lee with the teachings of Dong, wherein the first cryptographic key is generated by the device, to provide device-specific keys pairs for protecting communications (see, e.g., Dong at [0043]).

Regarding claim 2, the combination of Lau, Lee, and Dong teach the computing platform of claim 1, wherein establishing a secure communication pathway comprises: decrypting the encrypted message received from the device using a private cryptography key of the second public-private cryptography key pair (Lee at [0030], [0019] – the response message <containing an activation request and a key> is sent to the RAS using the RSA public key, which decrypts the message using standard RSA encryption techniques <i.e., using the public key’s private key>); and upon verifying contents of the encrypted message received from the device, establishing the secure communication pathway (Lee at [0030] – the response message’s request is verified, and encrypted communication occurs between the devices using the exchanged keys <i.e., establishes the secure communication pathway>).  
Lau, Lee, and Dong with the teachings of Lee, wherein establishing a secure communication pathway comprises: decrypting the encrypted message received from the device using a private cryptography key of the second public-private cryptography key pair; and upon verifying contents of the encrypted message received from the device, establishing the secure communication pathway, to protect the communications from malicious intrusions (see, e.g., Lee at [0005] and [0030]).

Regarding claim 3, the combination of Lau, Lee, and Dong teach the computing platform of claim 1, wherein receiving device data comprises receiving manual input provided by a user via a platform dashboard user interface (Lee at [0017-018] – the user provides manual input instructions via a keyboard and graphical user interface <i.e., dashboard> to request the secure communications/authorization request <i.e., part of receiving the authorization request at [0030] comprises the user manually providing input to the dashboard>; see also [0023] users provide manual input to authorize the device).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau, Lee, and Dong with the teachings of Lee, wherein receiving device data comprises receiving manual input provided by a user via a platform dashboard user interface, so that users may control when the system initiates/ authorizes the terminal within the system (see, e.g., Lee at [0018], [0030]).

Regarding claim 4, the combination of Lau, Lee, and Dong teach the computing platform of claim 1, wherein receiving device data comprises receiving device data correlated with an untrusted device (Lau at [0029] and [0035] – server receives public key and device ID of a connecting device <i.e., Lee at [0005] and [0030] – connecting device transmissions can be malicious or have intrusions <i.e., devices are unstrusted>); and wherein establishing a secure communication pathway with the device converts the untrusted device into a trusted device (Lee at [0030] – RSA public key is contained within a software program and sent to the receiving terminal. Receiving terminal installs the program and sends a response message to the providing server. The RSA public key contained within the software download is used to encrypt the response message. The communications are protected and the device is validated by authorizing the activation request <i.e., the device and communications are now trusted>).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau, Lee, and Dong with the teachings of Lee, wherein receiving device data comprises receiving device data correlated with an untrusted device; and wherein establishing a secure communication pathway with the device converts the untrusted device into a trusted device, to protect against malicious intrusions in the systems or their communications (see, e.g., Lee at [0005] and [0030]).

Regarding claim 5, the combination of Lau, Lee, and Dong teach the computing platform of claim 1, wherein providing the device-specific installation package to the device comprises: generating a device-specific URI accessible by the device via a network (Lau at [0019] – a unique device ID <i.e., the URI> of the device is generated; [0035-036] – the unique device ID <i.e., URI> is provided by the user to access the installation package for the device; see also [0034] – a unique token of the device is generated); and pointing the device-specific URI to a download script causing the device to download the device-specific installation package upon accessing the device-specific URI (Lau at [0035-037] and [0041] – Unique device ID <i.e., the URI> is used in the system by the device to request the device firmware package <i.e., the device access the device ID to download the package>. This device ID is .  

Regarding claim 8, the combination of Lau, Lee, and Dong teach the computing platform of claim 1, wherein generating the device-specific installation package further comprises determining whether the device is capable of maintaining a trusted connection between the monitoring agent and the computing platform (Lau at [0037] – the device information is checked against different versions of the installation package, and a package fitting the device’s capabilities is selected and provided <which establishes the trusted connection, see, e.g., Lee at [0030]> <i.e., the package type is determined compatible>). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau, Lee, and Dong, wherein generating the device-specific installation package further comprises determining whether the device is capable of maintaining a trusted connection between the monitoring agent and the computing platform, so incompatible firmware or software instructions establishing a secure connection will not be provided (see, e.g., Lau at [0037] with Lee at [0030]).

Regarding claim 9, Lau teaches a computer-implemented method for establishing a secure communication pathway between a device and a computing platform ([0009-010] – transmissions between devices protected using encryption <i.e., secure communication established>), the method comprising: 
receiving device data comprising a unique machine identifier corresponding to the device and a first public cryptography key generated [[by the device]] ([0011] – request for firmware is sent to ;  27Attorney Docket No.: 066517/000310US 
and generating a device-specific installation package ([0023] and [0038] – token is embedded in a firmware package and encrypted <i.e., the device’s installation package created>; [0034] – embedded token is a unique string of characters unique to the device <i.e., package is device specific>) comprising: 
the unique machine identifier ([0023] and [0038] – token is included in the firmware package; [0034] – the token is a unique string of characters unique to the device <i.e., unique machine identifier>); and 
a device agent ([0008-009], and [0026] – device firmware included in firmware package, and installed to update or provide services on the device <i.e., firmware is a device agent>);
encrypting the device-specific installation package via the first public cryptography key ([0038] – firmware package <i.e., device specific installation package, see, e.g., [0034] with [0038]> encrypted using the public key and transmitted to the device); and
providing the device-specific installation package to the device ([0038] – firmware package <i.e., device specific installation package, see, e.g., [0034] with [0038]> encrypted using the public key and transmitted to the device).
While Lau further discloses providing an installation package and establishing secure communication pathways using encryption (see, e.g., [0024], [0026]), Lau appears to fail to specifically disclose generating a second public-private cryptography key pair comprising a second public cryptography key; the installation package comprising the second public cryptography key; an executable installation script configured to cause the device to install the device agent and to initiate a secure communication connection between the device and the computing platform by passing a message encrypted with the second public cryptography key back to the computing platform; and 
However, Lee teaches a system for providing an installation package and establishing secure communication pathways using encryption (see, e.g., abstract, [0030]), with comprising generating a second public-private cryptography key pair comprising a second public cryptography key  ([0030] – software package to be installed on the receiving terminal 110 includes a generated RSA public cryptography key <i.e., is part of a public-private cryptography key pair>; [0002] – system uses standard computing systems <i.e., provided via processors>); 
the installation package comprising the second public cryptography key ([0030] – software package to be installed on the receiving terminal 110 includes an RSA public cryptography key <i.e., is part of a public-private cryptography key pair>; [0002] – system uses standard computing systems <i.e., provided via processors>); 
an executable installation script configured to cause the device to install the device agent and to initiate a secure communication connection between the device and the computing platform by passing a message encrypted with the second public cryptography key back to the computing platform ([0030] – RSA public key is contained within a software package and sent to the receiving terminal. Receiving terminal installs the device program included in the software package and sends a response message to the providing server. The RSA public key contained within the software package is used to encrypt the response message, which establishes secure communication); 
and establishing a secure communication pathway with the device upon receipt of the encrypted message from the device ([0030] – RSA public key is contained within a software package and sent to the receiving terminal. Receiving terminal installs the device program included in the software package and sends a response message to the providing server. The RSA public key contained .  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Lau with the teachings of Lee, generating a second public-private cryptography key pair comprising a second public cryptography key; the device specific installation package comprising the second public cryptography key; an executable installation script configured to cause the device to install the device agent and to initiate a secure communication connection between the device and the computing platform by passing a message encrypted with the second public cryptography key back to the computing platform; and establishing a secure communication pathway with the device upon receipt of the encrypted message from the device, to protect the communications from malicious intrusions (see, e.g., Lee at [0005] and [0030]).
While the combination of Lau and Lee teach writing a public key in the device at the time of manufacture for use in encryption (see, e.g., [0023], [0025]), the combination of Lau and Lee appear to fail to specifically disclose wherein the public key is generated by the device.
However, Dong further teaches known manufacturing process for generating keys during manufacture, wherein the device generates the key pair (see [0043]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau and Lee with the teachings of Dong, wherein the first cryptographic key is generated by the device, to provide device-specific keys pairs for protecting communications (see, e.g., Dong at [0043]).

Regarding claim 10, the combination of Lau, Lee, and Dong teach the computer-implemented method of claim 9, wherein establishing a secure communication pathway comprises: decrypting the encrypted message received from the device using a private cryptography key of the second public-private cryptography key pair (Lee at [0030], [0019] – the response message <containing an activation request and a key> is sent to the RAS using the RSA public key, which decrypts the message using standard RSA encryption techniques <i.e., using the public key’s private key>); and upon verifying contents of the encrypted message received from the device, establishing the secure communication pathway (Lee at [0030] – the response message’s request is verified, and encrypted communication occurs between the devices using the exchanged keys <i.e., establishes the secure communication pathway>).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau, Lee, and Dong with the teachings of Lee, wherein establishing a secure communication pathway comprises: decrypting the encrypted message received from the device using a private cryptography key of the second public-private cryptography key pair; and upon verifying contents of the encrypted message received from the device, establishing the secure communication pathway, to protect the communications from malicious intrusions (see, e.g., Lee at [0005] and [0030]).  

Regarding claim 11, the combination of Lau, Lee, and Dong teach the computer-implemented method of claim 9, wherein receiving device data comprises receiving manual input provided by a user via a platform dashboard (Lee at [0017-018] – the user provides manual input instructions via a keyboard and graphical user interface <i.e., dashboard> to request the secure communications/authorization request <i.e., part of receiving the authorization request at [0030] comprises the user manually providing input to the dashboard>; see also [0023] users provide manual input to authorize the device).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau, Lee, and Dong with the teachings of Lee, Lee at [0018], [0030]).

Regarding claim 12, the combination of Lau, Lee, and Dong teach the computer-implemented method of claim 9, wherein receiving device data comprises receiving device data correlated with an untrusted device (Lau at [0029] and [0035] – server receives public key and device ID of a connecting device <i.e., device data correlated with a device>; with Lee at [0005] and [0030] – connecting device transmissions can be malicious or have intrusions <i.e., devices are unstrusted>); and wherein establishing a secure communication pathway with the device converts the untrusted device into a trusted device (Lee at [0030] – RSA public key is contained within a software program and sent to the receiving terminal. Receiving terminal installs the program and sends a response message to the providing server. The RSA public key contained within the software download is used to encrypt the response message. The communications are protected and the device is validated by authorizing the activation request <i.e., the device and communications are now trusted>).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau, Lee, and Dong with the teachings of Lee, wherein receiving device data comprises receiving device data correlated with an untrusted device; and wherein establishing a secure communication pathway with the device converts the untrusted device into a trusted device, to protect against malicious intrusions in the systems or their communications (see, e.g., Lee at [0005] and [0030]).

Regarding claim 13, the combination of Lau, Lee, and Dong teach the computer-implemented method of claim 9, wherein providing the device-specific installation package to the device comprises: generating a device-specific URI accessible by the device via a network (Lau at [0019] – a unique device ID <i.e., the URI> of the device is generated; [0035-036] – the unique device ID <i.e., URI> is provided by the user to access the installation package for the device; see also [0034] – a unique token of the device is generated); and28Attorney Docket No.: 066517/000310US pointing the device-specific URI to a download script causing the device to download the device-specific installation package upon accessing the device-specific URI (Lau at [0035-037] and [0041] – Unique device ID <i.e., the URI> is used in the system by the device to request the device firmware package <i.e., the device access the device ID to download the package>. This device ID is stored in association with the installation package information <i.e., device ID points to the package information>. Then a device-specific installation package is downloaded to the user device using stored software instructions <i.e., device ID points to a script to cause the download>).

Claim(s) 6 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lau in view of Lee and Dong,  further in view of Medvinsky (US6892308, Hereinafter “Medvinsky”).
Regarding claim 6, the combination of Lau, Lee, and Dong teach the computing platform of claim 1. While the combination of Lau, Lee, and Dong teach providing a transmission comprising a device-specific installation package (see, e.g., Lau at [0023], [0038]) and receiving a message response (e.g., Lee at [0030]), the combination of Lau, Lee, and Dong appear to fail to specifically disclose wherein the device-specific installation package further comprises a one-time use nounce; and wherein establishing a secure communication pathway with the device comprises: comparing a nounce value included within the encrypted message received from the device against the one-time use nounce included within the device-specific installation package; upon determining a match between the nounce value and the one-time use nounce, establish the secure communication pathway with the device and invalidate the one-time use nounce.
Medvinsky teaches a system for securing communications between devices (see abstract), wherein a first message further comprises a one-time use nounce ([0006] and [0016-017] – a single use nonce is generated by the server and provided to the client, included as part of a first message); and wherein establishing a secure communication pathway with the device comprises: comparing a nounce value included within the encrypted message received from the device against the one-time use nounce included within the first message ([0006] and [0016-017] – a single use nonce is generated by the server and provided to the client, included as part of a first message, wherein the client then returns a signed nonce with a responding message. Upon receiving the returned signed nonce, the returned signed nonce is compared against the provided nonce); upon determining a match between the nounce value and the one-time use nounce, establish the secure communication pathway with the device and invalidate the one-time use nounce ([0006] and [0016-017] – a single use nonce is generated by the server and provided to the client, included as part of a first message, wherein the client then returns a signed nonce with a responding message. Upon receiving the returned signed nonce, the returned signed nonce is compared against the provided single use nonce. When the nonces match, the system is assured the authenticity of the client and secure communication is established.).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Lau, Lee, and Dong with the teachings of Medvinsky, wherein the device-specific installation package further comprises a one-time use nounce; and wherein establishing a secure communication pathway with the device comprises: comparing a nounce value included within the encrypted message received from the device against the one-time use nounce included within the device-specific installation package; upon determining a match between the nounce value and the one-time use nounce, establish the secure communication pathway with the device and invalidate the one-time use nounce, to secure communications of the device-specific installation package message and response messages against replay attacks (see, e.g., Medvinsky at [0016-017]).

Regarding claim 14, the combination of Lau, Lee, and Dong teach the computer-implemented method of claim 9. While the combination of Lau, Lee, and Dong teach providing a transmission comprising a device-specific installation package (see, e.g., Lau at [0023], [0038]) and receiving a message response (e.g., Lee at [0030]), the combination of Lau, Lee, and Dong appear to fail to specifically disclose wherein the device-specific installation package further comprises a one-time use nounce; and wherein establishing a secure communication pathway with the device comprises: comparing a nounce value included within the encrypted message received from the device against the one-time use nounce included within the device-specific installation package; upon determining a match between the nounce value and the one-time use nounce, establish the secure communication pathway with the device and invalidate the one-time use nounce.
However, Medvinsky teaches a system for securing communications between devices (see abstract), wherein a first message further comprises a one-time use nounce ([0006] and [0016-017] – a single use nonce is generated by the server and provided to the client, included as part of a first message); and wherein establishing a secure communication pathway with the device comprises: comparing a nounce value included within the encrypted message received from the device against the one-time use nounce included within the first message ([0006] and [0016-017] – a single use nonce is generated by the server and provided to the client, included as part of a first message, wherein the client then returns a signed nonce with a responding message. Upon receiving the returned signed nonce, the returned signed nonce is compared against the provided nonce); upon determining a match between the nounce value and the one-time use nounce, establish the secure communication pathway with the device and invalidate the one-time use nounce ([0006] and [0016-017] – a single use nonce is generated by the server and provided to the client, included as part of a first message, wherein the client then returns a signed nonce with a responding message. Upon receiving the returned signed .
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Lau, Lee, and Dong with the teachings of Medvinsky, wherein the device-specific installation package further comprises a one-time use nounce; and wherein establishing a secure communication pathway with the device comprises: comparing a nounce value included within the encrypted message received from the device against the one-time use nounce included within the device-specific installation package; upon determining a match between the nounce value and the one-time use nounce, establish the secure communication pathway with the device and invalidate the one-time use nounce, to secure communications of the device-specific installation package message and response messages against replay attacks (see, e.g., Medvinsky at [0016-017]).

Claim(s) 7 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lau in view of Lee and Dong,  further in view of Allen et al. (US20100115269, Hereinafter “Allen”).
Regarding claim 7, the combination of Lau, Lee, and Dong teach the computing platform of claim 1. The combination of Lau, Lee, and Dong appear to fail to specifically disclose wherein the one or more processors are further configured to generate a self-signed platform certificate for the device; and wherein the device- specific installation package further comprises the self-signed platform certificate for validating the identity of the computing platform at the network-connected device.  
However, Allen teaches a system for securely providing an installation package to a recipient (see, e.g., abstract, [0014]), wherein the one or more processors are further configured to generate a self-signed platform certificate for the device ([0014] – provider generates a certificate signed by the provider, then includes it into an installation package; [0002] – system uses standard computing systems <i.e., comprises one or more processors>); and wherein the installation package further comprises the self-signed platform certificate for validating the identity of the computing platform at the network-connected device ([0014] – provider generates a certificate signed by the provider, then includes it into an installation package. The installation package is then sent to the recipient device, which validates the identity of the provider to install the package on the device; [0004] – ldevices are connected via a network).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Lau, Lee, and Dong with the teachings of Allen, wherein the one or more processors are further configured to generate a self-signed platform certificate for the device; and wherein the device- specific installation package further comprises the self-signed platform certificate for validating the identity of the computing platform at the network-connected device, to ensure the identity and integrity of the of the received installation package (see, e.g., Allen at [0006], [0014]).

Regarding claim 15, the combination of Lau, Lee, and Dong teach the computer-implemented method of claim 9. The combination of Lau, Lee, and Dong appear to fail to specifically disclose generating a self- signed platform certificate for the device; and wherein the device-specific installation package further comprises the self-signed platform certificate.  
However, Allen teaches a system for securely providing an installation package to a recipient (see, e.g., abstract, [0014]), further comprising: generating a self-signed platform certificate for the device ([0014] – provider generates a certificate signed by the provider, then includes it into an installation package); and wherein the device-specific installation package further comprises the self-signed platform certificate ([0014] – provider generates a certificate signed by the provider, then includes it into an installation package. The installation package is then sent to the recipient device, which validates the identity of the provider to install the package on the device).  
Lau, Lee, and Dong with the teachings of Allen, further comprising: generating a self- signed platform certificate for the device; and wherein the device-specific installation package further comprises the self-signed platform certificate, to ensure the identity and integrity of the of the received installation package (see, e.g., Allen at [0006], [0014]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA RAYMOND WHITE whose telephone number is (571)272-4365.  The examiner can normally be reached on Monday-Thursday, & Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 5712723787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/J.R.W./Examiner, Art Unit 2438                                                                                                                                                                                                        /TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438