DETAILED ACTION
This Office Action is in response to application 16/824380 filed on 03/19/2020.  Claims 1-34 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 08/25/2020 and 01/14/2021 has been acknowledged and is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 8, 12, 13, 15, 20, 25, 32, are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. 
Claims 1, 13, 25, recite “A method executed by a network device for provisioning a network device” and then later recites “provisioning the network device.” It is unclear to the examiner whether the “network devices” recited in “method executed by a network device” and “provisioning a network device” are the same or different devices. For purposes of examination, the examiner will construe the devices to be the same “network device.”
Claims 8, 20, 32, recite “from a cloud services server.” Claims 7, 19, 31, (from which the claims depend upon) already recites “a cloud services server.” It is unclear to the examiner whether claims 8, 20, 32, “cloud services server” is the same or different from “cloud services server” of claims 7, 19, 31. For purposes of examination, the examiner will construe the “cloud services server” to be the same. 
Claim 12 recites the limitation "the network provisioning server" in line 1.  There is insufficient antecedent basis for this limitation in the claim as independent claim 1 (from which claim 12 depends upon) only recites a “provisioning server” and not a “network provisioning server”.
Claim 15 recites the limitation "the USB device" in line 2.  There is insufficient antecedent basis for this limitation in the claim. The examiner believes claim 15 should depend on claim 14.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 2, 4-7, 11-14, 16-19, 23-26, 29-31, are rejected under 35 U.S.C. 103 as being unpatentable over Bruner et al. (US 2021/0120412) in view of Gray et al. (US 2016/0241701).
Regarding claim 1, Bruner disclosed:
A method executed by a network device for provisioning a network device, the method comprising (Paragraph 25, zero-touch provisioning of IoT devices. Computing devices are configured for network connectivity and for interaction with a services provider network): 
(Paragraph 54, the manufacturer stores the network address or FQDN of the device provisioning service (DPS) 120 (i.e., provisioning server) for use by the IoT device (i.e., network device)); 
establishing a network connection with the provisioning server (Paragraph 59, the IoT device connects to the DPS 120 over the WLAN); 
obtaining an encryption certificate from a local memory local to the network device (Paragraph 48, the IoT device 102 stores a client digital certificate 118 (i.e., encryption certificate) in the memory of the IoT device 102. The digital certificate 118 is an X.509 certificate (i.e., encrypted)); 
authenticating using the encryption certificate (Paragraph 59, the IoT device 102 authenticates with the DPS 120 using the certificate 118); 
in response to the authenticating, provisioning the network device with a configuration received from the provisioning server (Paragraphs 50-51, the DPS 120 uses the digital certificate 118 provided by the IoT device 102…to authenticate the device 102 using a PM authentication procedure. if the DPS 120 can authenticate the IoT device 102, the DPS 120 provides the configuration data to the IoT device 102 for use in configuring the IoT device 102 for operation on the network services provider network 106).
While Bruner disclosed authenticating using the encryption certificate and provisioning the network device in response to the authenticating (see above), Bruner did not explicitly disclose authenticating the provisioning server using the encryption certificate and in response to the authenticating of the provisioning server, provisioning the network device with a configuration received from the provisioning server.
(Paragraph 50, network device includes a trust platform module (TPM). The TPM 230 comprises a digital certificate 250 including a serial number and MAC address of the network device. The certificate 250 is used to…verify that received communications are from validated cloud based service (i.e., provisioning server));
in response to the authenticating of the provisioning server, provisioning the network device with a configuration received from the provisioning server (Paragraph 56, upon…successful validation as the certificate includes the MAC and serial number of the network device 120, cloud-based service provides provisioning information (i.e., configuration) to network device 120. Provisioning information includes IP address of a particular server, keying information, and storage location information (e.g., organization name, division for organization, and folder or sub-folder name)).
	One of ordinary skill in the art would have been motivated to combine the teachings of Bruner with Gray because the references involve zero-touch provisioning of network devices, and as such, are within the same environment.  
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the authentication of the server of Gray with the teachings of Bruner in order to optimize the use of resources (Gray, Paragraph 19).
	Regarding claims 13, 25, the claims are substantially similar to claim 1. Claim 13 recites a network device programmed and configured to be provisioned by the provisioning server (Bruner, Paragraph 25, zero-touch provisioning of IoT devices. Computing devices are configured for network connectivity and for interaction with a services provider network. Paragraph 51, DPS 120 provides configuration to the IoT device 102). Claim 25 recites one or more non-transitory computer readable media storing instructions, which when executed by one or more processors of a network device (Bruner, Paragraph 65, computer readable instructions implemented on single or multi processor systems). Therefore, the claims are rejected under the same rationale. 
	Regarding claims 2, 14, 26, the limitations of claims 1, 13, 25, have been addressed. Bruner and Gray disclosed:
	wherein the local memory is part of a universal serial bus (USB) device inserted into a USB port of the network device (Bruner, Paragraph 111, removable storage is configured to be inserted into a removable storage memory slot. Paragraph 131, a data I/O interface to facilitate input and output of data to the computing device. The connector being USB).
	Regarding claims 4, 16, the limitations of claims 1, 13, have been addressed. Bruner and Gray disclosed:
	wherein the local memory is physically integrated within the network device (Bruner, Figure 8, integrated storage 818).
	Regarding claims 5, 17, 29, the limitations of claims 1, 13, 25, have been addressed. Bruner and Gray disclosed:
	wherein the network address of the provisioning server is obtained from the local memory (Bruner, Paragraph 54, the manufacturer stores data in the memory of the device 102. The manufacturer stores the network address or FQDN of the device provisioning service (DPS) 120 (i.e., provisioning server) for use by the IoT device (i.e., network device).
	Regarding claims 6, 18, 30, the limitations of claims 1, 13, 25, have been addressed. Bruner and Gray disclosed:
	wherein the network address of the provisioning server is obtained from a domain host configuration protocol (DHCP) server (Gray, Paragraph 54, network device 120 may also perform DHCP or DNS operations to locate the configuration device (i.e., provisioning server)).
	For motivation, please refer to claim 1. 
	Regarding claims 7, 19, 31, the limitations of claims 1, 13, 25, have been addressed. Bruner and Gray disclosed:
	wherein the network address of the provisioning server is obtained from a cloud services server (Gray, Paragraph 22, the network device retrieves its provisioning information from the cloud based service (i.e., cloud services server). Paragraph 56, provisioning information includes IP address of a particular server).
	For motivation, please refer to claim 1.
	Regarding claims 11, 23, the limitations of claims 1, 13, have been addressed. Bruner and Gray disclosed:
	wherein the network device is a network element of a tenant network and the provisioning of the network device is performed without requiring intervention of the tenant network (Bruner, Figure 1, showing that the IoT device 102 utilizes the network services provider network 106).
Regarding claims 12, 24, the limitations of claims 1, 13, have been addressed. Bruner and Gray disclosed:
	wherein the network provisioning server operates independently of the tenant network (Bruner, Figure 1, showing the DPS 120 operating on the network services provider network).	

Claims 3, 8, 9, 10, 15, 20-22, 27, 28, 32-34, are rejected under 35 U.S.C. 103 as being unpatentable over Bruner et al. (US 2021/0120412) in view of Gray et al. (US 2016/0241701) and RFC 8572 (Secure Zero Touch Provisioning, April 2019), hereinafter RFC 8572.
Regarding claims 3, 15, 27, the limitations of claims 2, 14, 26, have been addressed.  While Bruner and Gray disclosed the use of USB devices in order to facilitate input of data (Bruner, Paragraph 131), Bruner and Gray did not explicitly disclose wherein the network device determines whether the USB device is inserted into the network device and, in response to determining that the USB device is inserted into a USB port of the network device, obtaining the encryption certificate from the USB device.
However, in an analogous art, RFC 8572 disclosed wherein the network device determines whether the USB device is inserted into the network device and, in response to determining that the USB device is inserted into a USB port of the network device, obtaining the encryption certificate from the USB device (Page 6, Section 1.2, bootstrapping data is the collection of data that a device (i.e., network device) obtains during the bootstrapping process. Bootstrapping data includes an owner certificate. Page 7, an owner certificate represents an X.509 certificate (i.e., encryption certificate) that binds an owner identity to a public key which the device can use to validate the signature. Page 15, Section 4.1, a directly attached removable storage (e.g., a USB flash drive) can be used as a source of secure zero touch provisioning bootstrapping data. A device needs only to detect if the removable storage device is plugged in and mount its file system).
One of ordinary skill in the art would have been motivated to combine the teachings of Bruner and Gray with RFC 8572 because the references involve zero-touch provisioning of network devices, and as such, are within the same environment.  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the USB detection of RFC 8572 with the teachings of Bruner and Gray in order to not require any external infrastructure to work (RFC 8572, Section 4.1, Page 15).
Regarding claims 8, 20, 32, the limitations of claims 7, 19, 31, have been addressed. While Bruner and Gray disclosed the use of USB devices in order to facilitate input of data (Bruner, Paragraph 131), Bruner and Gray did not explicitly disclose wherein the network device determines whether a USB device is inserted into the network device and, in response to determining that a USB device is not inserted into a USB port of the network device, obtaining the network address of the provisioning server from a cloud services server. 
However, in an analogous art, RFC 8572 disclosed wherein the network device determines whether a USB device is inserted into the network device and, in response to determining that a USB device is not inserted into a USB port of the network device, (Section 1.1, Page 5, if it is not possible to customize the ISP’s network to provide any bootstrapping support, and with no other nearby device to leverage, the device has no recourse but to reach out to an internet based bootstrap server (i.e., cloud services server). Section 2.1, Page 8, redirect information encodes a list of bootstrap servers, each specifying the bootstrap servers hostname and IP address (i.e., network address). Section 4.1, Page 15, a device need only detect if the removable storage device is plugged in and mount its file system. Section 4.4, Page 21, a bootstrap server can be used as a source of secure ZTP bootstrapping data. Section 5.2, Page 24, the device iterates over its list of sources for bootstrapping data (from section 4). Section 5.5, Page 28, the device must connect to all of the DNS resolved addresses at least one before moving on to the next bootstrap server. If the device is able to obtain bootstrapping data from any of the DNS resolved addresses, it must process the data).
One of ordinary skill in the art would have been motivated to combine the teachings of Bruner and Gray with RFC 8572 because the references involve zero-touch provisioning of network devices, and as such, are within the same environment.  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the USB detection and obtaining of the network address of RFC 8572 with the teachings of Bruner and Gray in order to use transport level security, obviating the need for signed data, which is easier to deploy (RFC 8572, Section 4.4, Page 21).
Regarding claims 9, 21, 33, the limitations of claims 8, 20, 32, have been addressed. Bruner, Gray, and RFC 8572 disclose:
(Gray, Paragraph 22, the network device retrieves its provisioning information from the cloud based service (i.e., cloud services server). Paragraph 56, provisioning information includes IP address (i.e., unique identifier) of a particular server) and, based upon identifying the network device, selecting the obtained network address of the provisioning server among a plurality of provisioning server network addresses (RFC 8572, Section 2.1, Page 8, redirect information encodes a list of bootstrap servers (i.e., plurality of provisioning servers), each specifying the bootstrap server’s IP address (i.e., network address)).
For motivation, please refer to claim 8.
Regarding claims 10, 22, 34, the limitations of claims 7, 21, 33, have been addressed. While Bruner and Gray disclosed the use of USB devices in order to facilitate input of data (Bruner, Paragraph 131), Bruner and Gray did not explicitly disclose wherein the network device determines that a USB device is not inserted into the network device and further determines that a cloud services server cannot be connected to and, in response to determining that a USB device is not inserted and determining that a cloud provisioning server cannot be connected to, obtaining the network address of the provisioning server from a DHCP server.
However, in an analogous art, RFC 8572 disclosed wherein the network device determines that a USB device is not inserted into the network device and further determines that a cloud services server cannot be connected to and, in response to determining that a USB device is not inserted and determining that a cloud provisioning server cannot be connected to, obtaining the network address of the provisioning server (Section 5.2, Page 24, the device iterates over its list of sources for bootstrapping data (from section 4). Section 4.1, Page 15, starting with removable storage (i.e., USB). The device needs to detect if a removable storage is plugged in. If not, check for a DNS server (Section 4.2, Page 16). If a DNS server is not available, check a DHCP server (Section 4.3, Page 20). A DHCP server is used as a source of secure ZTP bootstrapping data. Section 5.3, Page 25, showing that bootstrapping data is either unsigned/signed redirect information or unsigned/signed onboarding information and Section 2.1, Page 8, stating that redirect information encodes a list of bootstrap servers (i.e., provisioning server), each specifying the bootstrap server’s IP address (i.e., network address)).
One of ordinary skill in the art would have been motivated to combine the teachings of Bruner and Gray with RFC 8572 because the references involve zero-touch provisioning of network devices, and as such, are within the same environment.  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the USB detection and obtaining of the network address of RFC 8572 with the teachings of Bruner and Gray to enable a touchless bootstrapping option that does not entail utilizing an internet based resource hosted by a third party (RFC 8572, Section 4.3, Page 20).
Regarding claim 28, the limitations of claim 27 have been addressed. Bruner, Gray, and RFC 8572 disclosed:
	wherein the local memory is physically integrated within the network device (Bruner, Figure 8, integrated storage 818).

Conclusion
Examiner’s Note: In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Steven C Nguyen whose telephone number is (571)270-5663.  The examiner can normally be reached on M-F 7AM - 3PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached on 571-272-3880.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 






/S.C.N/Examiner, Art Unit 2443                                                                                                                                                                                                        /RUPAL DHARIA/Supervisory Patent Examiner, Art Unit 2443