DETAILED ACTION
 	 	Claims 1-20 are presented for examination on the merits.
Notice of Pre-AIA or AIA Status
The present application is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
 	The information disclosure statement (IDS) submitted on 01/14/2020 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.
Drawings
The drawings filed on 01/13/2020 are accepted by the examiner.
Priority
 	The application is filed on 11/06/2019 and claims the priority of provisional application 62/756,416 filed on 11/06/2018. 
Claim Objections

Claims 8-9 are objected to because of the following informalities: 
Claim 8 depends from claim 8 which appears to be incorrect. Similarly, the dependency of claim 9 appears to be incorrect because claim 9 depends from 8. The dependency of respective claims should be corrected. The claims are examined as best understood at this time. Appropriate corrections are required for above and other similar claims as applicable.



Claim Rejections - 35 USC § 103
2.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

4.	The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

5.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

6.	Claims 1-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Heldt-Sheller (US 20210176638 A1, hereinafter, Heldt-Sheller).
 	Regarding claim 1, Heldt-Sheller discloses a method comprising: receiving, at a computing device, a token, wherein the token comprises a cryptographically signed list of rights that the computing device is authorized to request (Paragraphs 0065, 0120: the token contains a signed authorization statement (e.g., using JOSE or COSE syntax) where the signer is the client onboarding tool having authorization to perform a step-x of the onboarding sequence… a plurality of privilege level is established for user authentication); and 
 	requesting, using the computing device, an action of a receiving device in an industrial location (Paragraphs 0024, 0076-0078: The groups of IoT devices are deployed in various residential, commercial, and industrial settings wherein one or more servers operate as an intermediate network. Further, the gateway operates in a cloud-to-gateway-to-many edge devices configuration, such as with the various IoT devices 814, 820, 824 being constrained or dynamic to an assignment and use of resources in the cloud 800), wherein 
 	requesting the action comprises sending the token with the request to cause the receiving device to determine that the computing device is authorized and to perform the action (Paragraph 0074: a request from the respective onboarding device to the user agent to obtain the approval…request from the respective onboarding device to the authorization service to obtain an authorization service token, and a response from the authorization service to indicate the authorization service token). 
It is noted that Heldt-Sheller does not explicitly state but does suggest the limitations “requesting …an action of a receiving device in an industrial location” as claimed (Heldt-Sheller Paragraphs 0078, 0024, 0079, 0092: The groups of IoT devices are deployed in various residential, commercial, and industrial settings (including in both private or public environments)).
Hence, it would have been obvious to one of ordinary skill in the art at the time the invention was made to modify the teachings of Heldt-Sheller because such action would allow IoT devices to perform functions, such as sensing or control systems or access data in a network including water distribution systems, electric power distribution systems, pipeline control systems, plant control systems (Heldt-Sheller, Paragraphs 0021-0024).
 	Regarding claim 2, Heldt-Sheller discloses the method of claim 1, wherein the token is received, at the computing device, from an information technology (IT) network using a high-bandwidth connection before the computing device enters the industrial location (Heldt-Sheller Paragraphs 0044, 0088-0089: low bandwidth communications….out-of-band secure communication). 
 	Regarding claim 3, Heldt-Sheller discloses the method of claim 1, wherein requesting the action comprises sending a request over a low-bandwidth connection after the computing device enters the industrial location (Heldt-Sheller, Paragraph 0088: low bandwidth communications). 
 	Regarding claim 4, Heldt-Sheller discloses the method of claim 1, wherein the computing device initiates connections to a trusted external network, and wherein the trusted locations are listed in the computing device and also in an enterprise firewall in a remote network to which a plurality of computing devices are connected (Paragraph 0065: a trusted execution environment (e.g., "TEE1") performing Step 1 of the onboarding process may use a TEE1 signing key). 
 	Regarding claim 5, Heldt-Sheller discloses the method of claim 1, wherein the receiving device is a gateway and the computing device is a user device (Heldt-Sheller Paragraph 0040: data from these sensors 228 may then be aggregated and analyzed by any combination of the sensors 228, data aggregators 226, or gateways 204, before being sent on by the fog 220 device to the server 206 to answer the query.). 
 	Regarding claim 6, Heldt-Sheller discloses the method of claim 1, wherein the token contains information about a predetermined set of privileges for each user, and the computing device is configured to determine the user and allow or prevent an action request for the receiving device based on the predetermined configuration and identified user (Paragraphs 0017, 0043: Fog network among multiple users have multiple, or different, web identities, while still coordinating clients with respective capabilities and privileges to effectively accomplish onboarding). 
Regarding claim 7, Heldt-Sheller discloses the method of claim 1, comprising determining, using at least the receiving device, whether the computing device is associated with an authorized user of locally connected networks at the industrial location (Heldt-Sheller Paragraphs 0078, 0024, 0079: The groups of IoT devices are deployed in various residential, commercial, and industrial settings (including in both private or public environments). Networks of IoT devices includes commercial and home automation devices, such as water distribution systems, electric power distribution systems, pipeline control systems, plant control systems, light switches).
 	Regarding claim 8, Heldt-Sheller discloses the method of claim 8, comprising, upon a determination that the computing device is not associated with an authorized user, the receiving device causes the computing device to utilize an external service to authenticate the computing device (Heldt-Sheller, Paragraph 0015: separate authorizations (including through use of a 3-way authorization protocol involving an authentication service such as OAuth2) is used to coordinate device onboarding among several Fog users (e.g., devices in a common network topology) with principles of least privilege). 
 	Regarding claim 9, Heldt-Sheller discloses the method of claim 8, comprising, upon a determination that the computing device is associated with the authorized user, determining, using at least the receiving device, whether the computing device is connected to at least one of the locally connected networks (Paragraph 0060:  generalized client may also host all the services locally on the same device (e.g., OCF device) instance. In such a scenario, the user logs into the "network" through the generalized client application and the generalized client enforces user privileges to perform "network" operations). 
 	Regarding claim 10, Heldt-Sheller discloses the method of claim 9, wherein upon a determination that the computing device is not connected to the at least one of the locally connected networks, utilizing external-storage-based authentication (Heldt-Sheller, Paragraph 0074: various actions are conducted in response to respective user authentications obtained with a three-way authorization protocol, such as where the three-way authorization protocol includes obtaining approval from at least one user agent and obtaining approval from an authorization service on behalf of the respective client). 
Regarding claim 11, Heldt-Sheller discloses the method of claim 9, wherein upon a determination that the computing device is connected to the at least one of the locally connected networks, allowing access to the receiving device by the computing device when a certificate is deemed valid (Heldt-Sheller Paragraph 0052: verify the request AR1 message 431A by verifying the C1 certificate/key).
Regarding claim 12, Heldt-Sheller discloses the method of claim 9, wherein upon a determination that the computing device is connected to the at least one of the locally connected networks, utilizing external-storage-based authentication when the certificate is not deemed valid (Heldt-Sheller Paragraphs 0052-0054: verify the request AR1 message 431A by verifying the C1 certificate/key… the AS 310 may perform this verification for a particular resource (device) or for a group of devices. The AS 310 verifies all applied signatures and verifies that C1 420A is authorized).
	Regarding claim 13; Claim 13 is similar in scope to claims 1 and 5-7, and is therefore rejected under similar rationale.
 	Regarding claim 14, Heldt-Sheller discloses the system of claim 13, wherein the role-based authorization for users, applications, and receiving devices comprises accessing user mapping and matching an assigned role for an identified user to be authorized via the computing device (Heldt-Sheller Paragraphs 0072, 0075: one or more of the communications comprise Representational State Transfer (RESTful) interactions among one or more IoT network topologies. In an OCF model, the notion of the client and server is realized through roles…. privilege levels). 
Regarding claim 15, Heldt-Sheller discloses the system of claim 13, wherein customizing authentication processes comprises using at least one of a connected scenario, a disconnected scenario, and a WI-FI-based access (Heldt-Sheller Paragraph 0043: SoftAP mechanisms allow an onboarding device to connect directly with a new device to provision it with Wi-Fi settings so that the device may be onboarded. However, the access point (AP) is presumed to have full access to the new device).
 	Regarding claim 16, Heldt-Sheller discloses the system of claim 15, wherein the computing device is an edge gateway and comprises a containerized structure that includes native security measures, third-party managed security services, and monitoring solutions installed thereon (Paragraphs 0046, 0048: to keep track of behaviors of the various entities. e.g., the AS 310, OBT 340 and UA). 
 	Regarding claim 17, Heldt-Sheller discloses the system of claim 16, wherein the third-party managed security services comprise a software-based firewall (Paragraph 0045: security principles apply a least-privilege approach to realize a separation-of-duties as it pertains to IoT device onboarding. These duties may be understood in terms). 
  	Regarding claim 19; Claim 19 is similar in scope to claims 1, 4, 7, 9, 12, and is therefore rejected under similar rationale (Further, Paragraphs 0027, 0029, 0038, 0089, 0091; Figs 1-2 and associated texts).
Regarding claim 20, Heldt-Sheller discloses the method of claim 19, wherein restricting communication between the first functional network zone and the second network zone comprises performing authorization on each communication between the first functional network zone and the second functional network zone (Figs 1-2 and associated texts; Paragraphs 0023, 0024, 0034, 0038, 0091).
Examiner Notes 
7. 	The Examiner notes that incorporating the combined limitations of claims 4 and 5 and 6 OR Claims 7 and 9 and 11 OR Claims 7 and 9 and 12 into independent claim 1 would better clarify the subject matter/embodiment of the claimed invention. Similarly, amending independent claims 13 and 19 with the aforesaid or similar claim limitations would help advance the prosecution as it would clarify the claimed invention.



Allowable Subject Matter 

8.	Claim 18 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
9. 	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Li et al. (US 20190014117 A1) discloses methods of scalable and secure resource isolation and sharing for Internet of Things (IoT) networks. Techniques for requesting inter-domain resource access and enabling resource sharing with use of an inter-domain token are also described. In an example, communications in an IoT network establish connectivity between a first device in a first domain and a second device in a second domain.
Smith (US 20210168132 A1) discloses methods of establishing and utilizing device management (DM) services in Internet of Things (IoT) networks and similar distributed network architectures.
10.	In an effort to advance compact prosecution, with respect to any amendments to the claimed invention, the applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.  
Moreover with respect to advancing compact prosecution, if the applicant intends to make numerous amendments, the examiner respectfully requests that applicant submit a clean copy of the claims in addition to the marked up copy of the claims in order to expedite the examination process by allowing for accurate optical character recognition (OCR) of the claims.
The prior art made of record and not relied upon, if any, is considered pertinent to applicant’s disclosure and would be listed under PTO-Form 892.
11.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHFUZUR RAHMAN whose telephone number is (571)270-7638.  The examiner can normally be reached on Monday thru Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-88788593.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MAHFUZUR RAHMAN/Primary Examiner, Art Unit 2498