DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This office action is a response to an application filed 06/08/2020 wherein claims 1 – 20 are pending and ready for examination.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/08/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1, 10, and 19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 12, and 18 of U.S. Patent No. 10693878. Although the claims at issue are not identical, they are not patentably distinct from each other because:
Instant Application 16/895,548, Claims 1, 10 and 19

Limitation 1:
generating, by the broker, a data-access policy for the plurality of elements of data, the data-access policy defining which of one or more accessing entities are granted access to one or more elements of data within the plurality of elements of data; facilitating, by the broker,

Limitation 2:
formation of a secure connection between a gateway device of the computer network and an accessing entity of the one or more accessing entities; and

Limitation 3:
sends the one or more elements of data to the accessing entity via the secure connection based on a determination by the gateway device that the accessing entity has been granted access to the one or more elements of data according to the data-access policy.

US Patent No. 10,693,878, Claims 1, 12, and 18

Limitation 1:
receiving, at a gateway device for a given computer network from a centralized broker device, a data-access policy for the given computer network, the data-access policy defining which of one or more accessing entities are granted access to specific elements of data within the given computer network;

Limitation 2:
forming, by the gateway device, a secure connection with a gateway of a particular accessing entity using an encryption method stored at the centralized broker device, wherein the centralized broker device indicates the encryption method in a response that is sent to the particular accessing entity, the response including a time-to-live value that controls when the gateway device and the particular accessing entity flush out at least one encryption key associated with the encryption method;

Limitation 3:
receiving, at the gateway device from the particular accessing entity over the secure connection, a request for one or more particular elements of data from within the given computer network;
determining, by the gateway device based on the data-access policy, whether the particular accessing entity has been granted access to each of the one or more particular elements of data of the request, wherein another gateway device has already determined that the particular accessing entity has been granted access to each of the one or more particular elements of data of the request; and preventing, by the gateway device, access for the particular accessing entity to any of the one or more particular elements of the data request to which the particular accessing entity has not been granted access.
2. The method of claim 1, wherein the gateway device receives the one or more elements of data from a data collector in the computer network that collects the one or more elements of data from the endpoint device.
receiving, at the gateway device from the particular accessing entity over the secure connection, a request for one or more particular elements of data from within the given computer network.


As shown above in bold, claimed limitations in the claims of US 10,693,878 disclose the majority of the claimed limitations of the current application. 10,693,878 does not disclose the claimed limitations of “identifying by a broker a plurality of elements of data generated by an endpoint device within a computer network; transmitting, from the broker to the gateway device, the data-access policy to the gateway device of the computer network, wherein the gateway device sends the one or more elements of data to the accessing entity via the secure connection based on a determination by the gateway device that the accessing entity has been granted access to the one or more elements of data according to the data-access policy” as recited in instant claim 1 and “wherein the centralized broker device indicates the encryption method in a response that is sent to the particular accessing entity, the response including a time-to-live value that controls when the gateway device and the particular accessing entity flush out at least one encryption key associated with the encryption method” as recited in claim 1.
Regarding claims 3-7, Brown discloses a gateway device, sensors, actuators, and a broker validating the gateway prior to formation of secure channel.
The “Walled garden Proxy Server” as taught by Brown is similar to “broker” of US Patent No. 10,693,878, because in both cases the devices receive data on behalf of the accessing entities and servers. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to consider Brown to incorporate discovery services for IoT to better serve both people and M2M communication integrity.



Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-5, 9-14 and 18-20 are rejected under 35 U.S.C. 102(a)(1) (a)(2) as being anticipated by Brown; Ralph W. et al, US 6732179 B1, May 4, 2004, hereafter referred to as Brown.

As to claim 1, Brown teaches a method – Brown [column 11, lines 10-13] FIG. 6 is a flow diagram illustrating transactions among the client 112, WGPS 414, GS 416, and keymaster 442 according to a preferred embodiment of the present invention., comprising:

identifying, by a broker, a plurality of elements of data generated by an endpoint device within a computer network – Brown [column 11, lines 22-23] … the user uses the UI on the client 112 to request 610 access to a service in the walled garden 420. Here, the claimed ‘endpoint device’ is taught by Brown as ‘UI’ whereas the claimed ‘broker’ is taught by Brown as ‘walled garden

generating, by the broker, a data-access policy for the plurality of elements of data, the data-access policy defining which of one or more accessing entities are granted access to one or more elements of data within the plurality of elements of data – Brown [column 11, lines 39-47] The WGPS 414 receives the request 610 and determines from the URL that the client is attempting to access a restricted service in the walled garden 420. Assume, however, that this request 610 is the first request from the client 112 to the WGPS 414. As a result, the client 112 did not include a ticket with the request 610. Therefore, the WGPS 414 denies 611 access to the walled garden 420 and sends a HTTP 407 response to challenge 612 the client 112 to supply the ticket in a subsequent request. Here, the claimed ‘data access policy’ is taught by Brown as ‘supply a ticket’ which is a requirement in order for the UI to begin the access procedure. The claimed ‘one or more element of data’ is taught by Brown as ‘restricted service’);

facilitating, by the broker, formation of a secure connection between a gateway device of the computer network and an accessing entity of the one or more accessing entities – Brown [column 10, lines 11-14] The keymaster 442 provides encryption keys to the GS 416, WGPS 414, and Internet Server 418. Preferably, the keymaster 442 has SSL links, or some other form of secure communication links, to the servers); and

transmitting, from the broker to the gateway device, the data-access policy to the gateway device of the computer network – Brown [column 11, lines 53-56] The authorization DLL then establishes a SSL connection with the GS 416 and makes a request 616 for the ticket by sending the user authentication information, as well as the Box ID of the client 112, across the SSL connection),

wherein the gateway device sends the one or more elements of data to the accessing entity via the secure connection – Brown [column 12, lines 28-32] The resulting encrypted ticket is passed 624 to the client 112. The client 112 preferably stores the encrypted ticket internally. Since the client 112 does not have access to the secret key shared by the keymaster 442, GS 416, and WGPS 414, the client cannot decrypt or alter the ticket) based on a determination by the gateway device that the accessing entity has been granted access to the one or more elements of data according to the data-access policy (46) If the validation 618 is successful, the GS 416 preferably constructs 620 the ticket.

           As to claim 2, Brown teaches a method of claim 1, wherein the gateway device receives the one or more elements of data from a data collector in the computer network that collects the one or more elements of data from the endpoint device – Brown [column 11, lines 53-58]  The authorization DLL then establishes a SSL connection with the GS 416 and makes a request 616 for the ticket by sending the user authentication information, as well as the Box ID of the client 112, across the SSL connection. The GS 416 authenticates the user by validating 618 the authentication information against the information in the database 440. Here, the claimed ‘gateway device’ is taught by Brown as ‘GS 416’ whereas the claimed ‘one or more elements of data’ is taught by Brown as ‘user authentication information’.  The claimed ‘data collector’ is taught by Brown as ‘The authorization DLL’ whereas the claimed ‘network’ is taught by Brown as ‘across the SSL connection’). 
 
           As to claim 3, Brown teaches the method of claim 1, wherein the broker is external to the computer network – Brown [column 7, lines 41-47] The WGPS 414 is the entry point for the walled garden 420. Although FIG. 4 illustrates only a single walled garden 420, an embodiment of the present invention can have multiple walled gardens controlled by a single WGPS or by multiple WGPS'. Each walled garden may be controlled by a different multiple systems operator (MSO) (e.g., a different cable television company). 

           Claim 4, the method of claim 1 further comprising: 
 validating, by the broker, an identity of the gateway device for the computer network – Brown [column 12, lines 30-32] Since the client 112 does not have access to the secret key shared by the keymaster 442, GS 416, and WGPS 414, the client cannot decrypt or alter the ticket), prior to facilitating the formation of the secure connection – Brown [column 11, lines 53-56] The authorization DLL then establishes a SSL connection with the GS 416 and makes a request 616 for the ticket by sending the user authentication information, as well as the Box ID of the client 112, across the SSL connection).


         As to claim 5, Brown teaches the method of claim 1, wherein identifying the plurality of elements of data generated by the endpoint device within the computer network comprises:
        receiving, at the broker and from the gateway device, an indication of the plurality of elements of data generated by the endpoint device within the computer network – Brown [column 12, lines 43-52] … The WGPS 414 receives the ticket with the request and determines 628 whether the ticket grants the user access to the walled garden 420 and walled garden service. To make this determination, the WGPS 414 uses the timestamp to determine the secret key used to encrypt the ticket. Then, the WGPS 414 uses the secret key to decrypt the ticket. Next, the WGPS 414 compares the Box ID in the ticket with the Box ID of the requesting client to ensure that the ticket was received from the correct client 112.  BRI:  Two entities receiving a common element.  Here, the claimed ‘broker’ is again taught by Brown as ‘WGPS 414’, the claimed gateway device is taught by Brown as ‘GW 416’ whereas the claimed ‘indication’ is taught by Brown as ‘request’ because Request Access 610 includes generated elements of data received by the first entity WGPS 414 and second entity GW 416 as illustrated in Figure 6).

          As to claim 9, Brown teaches the method of claim 1, wherein the gateway device is a router at an edge of the computer network - Brown [column 7, lines 8-12] …The proxy server 410 is connected to a network backbone 412. A walled garden proxy server (WGPS) 414, gateway server (GS) 416, and WWW Internet proxy server 418 (Internet server) are also coupled to the network backbone 412). 

         As to claim 10, claim 10 is an apparatus directed to the method of claim 1.  Therefore, claim 10 is rejected for the reasons as set forth in claim 1.

         As to claim 11, claim 11 is an apparatus directed to the method of claim 2.  Therefore, claim 11 is rejected for the reasons as set forth in claim 2.

         As to claim 12, claim 12 is an apparatus directed to the method of claim 3.  Therefore, claim 12 is rejected for the reasons as set forth in claim 3.

        As to Claim 13, claim 13 is an apparatus directed to the method of claim 4.  Therefore, claim 13 is rejected for the reasons as set forth in claim 4.

         As to claim 14, Brown teaches the apparatus as in claim 10, wherein to identify the plurality of elements of data generated by the endpoint device within the computer network comprises: receiving, from the gateway device, an indication of the plurality of elements of data generated by the endpoint device within the computer network - Brown [column 12, lines 15-18] … the GS 416 preferably uses a symmetric encryption technique to encrypt 622 the ticket 800, T, with the shared secret key to produce an encrypted ticket, T'. – Brown [column 12, lines 28-29] …The resulting encrypted ticket is passed 624 to the client 112. Here, the claimed ‘gateway device’ is taught by Brown as ‘GS416’ whereas the claimed ‘indication’ is taught by Brown as ‘ticket’). 

          As to claim 18, claim 18 is an apparatus that is directed to the method of claim 9.  Therefore, claim 18 is rejected for the reasons as set forth in claim 9.

        As to claim 19, claim 19 is a tangible, non-transitory, computer-readable medium that is directed to the method of claim 1.  Therefore claim 19 is rejected for the reasons as set forth in claim 1. 

       As to claim 20, claim 20 is a tangible, non-transitory, computer-readable medium that is directed to the method of claim 5.  Therefore claim 20 is rejected for the reasons as set forth in claim 5. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

 Claims 6-8 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Brown in view of Smith; Ned M. et al, US 20160366183 A1, December 15, 2016, hereafter referred to as Smith.

            As to claim 6, Brown teaches the method of claim 5.  BROWN DOES NOT TEACH wherein the gateway identifies the plurality of elements of data from an asset discovery service that dynamically discovers the endpoint device within the computer network, HOWEVER IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR SMITH TEACHES wherein the gateway identifies the plurality of elements of data from an asset discovery service that dynamically discovers the endpoint device within the computer network – Smith [0334] New devices may advertise their existence and need for bootstrapping using OIC core discovery services. The device maintains a provisioning status… resource that establishes which provisioning tasks are needed.    Thus, it would have been recognized by one of ordinary skill in the art before the effective date of the claimed invention that applying the known technique of discovery services taught by Smith to the Walled Garden Proxy Server of Brown would have yielded predictable results and resulted in an improved discovery system, namely, a walled garden proxy server capable of discovering all types of end unit or IoT devices to include sensors, actuators, and passive devices to dynamically discover and map device type to authorized requests using discovery techniques provided by Smith).

           As to claim 7, Brown teaches the method of claim 1.  BROWN DOES NOT TEACH wherein the endpoint device is a sensor, HOWEVER IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR SMITH TEACHES wherein the endpoint device is a sensor - Smith [0025] …In general, sensor devices 112 may be configured to sense one or more particular conditions, such as one or more environmental conditions, operating conditions associated with it or another device or so forth.  The reason to consider Smith with Brown expressed in claim 6 equally applies here in claim 7.

           As to claim 8, Brown teaches the method of claim 1.  BROWN DOES NOT TEACH wherein the endpoint device is an actuator, HOWEVER IN AN ANALOGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR SMITH TEACHES wherein the endpoint device is an actuator - Smith [0025] … In general, actuators 114 may be configured to perform some type of sensing operation and perform one or more actions based on one or more sensed parameters.  The reason to consider Smith with Brown expressed in claim 6 equally applies here in claim 8.

           As to claim 15, claim 15 is an apparatus that is directed to the method of claim 6.  Therefore, claim 15 is rejected for the reasons as set forth in claim 6.

           As to claim 16, claim 16 is an apparatus that is directed to the method of claim 7.  Therefore, claim 16 is rejected for the reasons as set forth in claim 7.

            As to claim 17, claim 17 is an apparatus that is directed to the method of claim 8.  Therefore, claim 17 is rejected for the reasons as set forth in claim 8. 

           
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 5:30 a.m. to 2:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from 
/WILLIAM B JONES/
Examiner, Art Unit 2491
9/7/2021