DETAILED ACTION
	Claims 1-5 are pending. Claims 1 and 4-5 are amended. This is in response to Applicant’s amendment and arguments filed on September 4, 2021. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
	Claims 4 and 5 were rejected under 35 U.S.C. 101 are now withdrawn in view of the amendments to the claims.
	Claim 1 was rejected under 112(b) now moot in view of the amendment to the claim.
 	With regard to the 103 rejection, Applicant's arguments filed on September 4, 2021 have been fully considered but they are not persuasive. Claim 1 recites “IoT device identification”, “identification number” and “predetermined identifier” among other things. Hugh’s reference is relied on the node ID as the “IoT device identification” and the access code as the “identification number”. Berdy’s reference is relied on the separate ID created for a session as the “predetermined identifier” (par. 51-53, 65-67; The server device "creates a separate ID for loT device 441"). Hence, per Applicant’s Remark, asserting the node ID of Hugh is used as the “predetermined identifier” as claimed is incorrect.
	This action is Final.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


 	Claims 1-5 are rejected under 35 U.S.C. 103 as being unpatentable over 
US 2018/0109395 (hereinafter Berdy) in view of US 2018/0159834 (hereinafter Hughes)
 	Regarding claim 1, Berdy discloses:
 	An information processing system including a server device and a terminal
device of the same type or a different type capable of performing communication via a
communication network, the information processing system comprising ("System 300
may include network 330, loT hubs 351-353, loT devices 341-343, and provisioning
services 311-312, which all connect to network 330", where a provisioning service and
an associated (selected) loT hub (Berdy: par. 64) read on a (network) server device,
and loT devices read on terminal devices (Berdy: par. 39; Fig. 3) implemented on
computing devices (Berdy: par. 27-38; Fig. 2)):
 	an initial setting unit that registers, in the terminal device, lo T device identification information for identifying the terminal device, connection destination information of the server device, and an identification number for first connection in advance, the server device and the terminal device being in a connection relationship of recognizing and identifying each other in advance (The terminal (loT) device stores at least an "uniform resource indicator (URI)" (connection destination information) to connect to the provisioning server, "identity information" of the terminal device, and unique cryptographic information "guaranteed to connect to provisioning" server (Berdy: par. 45, 47). The terminal (loT) device identity is also in a manufacturer generated list of valid loT devices ("enrollment list 592"), and the list is provided to the provisioning server (Berdy: par. 60, 62, Figs. 4, 5)).
 	 Berdy does not expressly disclose an identification number. However, in a
related application, Hughes discloses that a communication module included in a
device (Hughes: par. 18; corresponding to the terminal (loT) device of Berdy) is preconfigured, via a factory provisioning server to store a "node ID" (device identification) and an associated "access code" (identification number), as well as a "global network key" that can be used to access (and to communicate securely with) a network prior to (for the purpose of) provisioning/configuring the communication module "to join the network"; the node ID (device identification), access code (identification number) and the global network key are also stored in a key storage server associated with the network (Hughes: par. 19-22; Fig. 1 ). To join a network, the terminal (loT) device sends a request together with the node ID and access code pair to (a server of) the network; when the node ID and access code are validated against values store in the key storage server, the (server of the) network starts provisioning the communication module of the terminal (loT) device "specifically for that network"; as part of the provisioning process, the terminal (loT) device receives (session) keys specific to the network and for communicating with the network (Hughes: par. 22-25, 31). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Berdy and Hughes to additionally pre-configure the terminal (loT) device at least with an "access code" (identification number) and a global network key. One would have done so to increase the security of the identification (authentication) of the terminal (loT) device by requiring an access code (identification number, corresponds to a password/pin) and to protect communications during the provisioning process (Berdy: par. 45). In view of Hughes and subsequent to the provisioning process, communications with the network (including the server) are encrypted with session keys specific to the network (per Hughes above) that are included in the cryptographic information transmitted to the terminal (loT) device (Berdy: par. 51-53). Accordingly, Berdy in view of Hughes discloses an identification number (access code) and further discloses:
 	wherein the server device includes an lo T device information
acquisition/registration unit that registers the lo T device identification information for
identifying the terminal device and the identification number for first connection in
advance (as outlined above),
	the terminal device includes a connection request unit that requests connection
by connecting to the server device using the connection destination information and
transmitting the lo T device identification information and the identification number for
first connection (Berdy: par. 46-47, 61; modified by Hughes to transmit the access code
(identification number). Hughes: par. 22-23; and as outlined above),
 	the server device includes
 	a temporary authentication unit that identifies the terminal device using the lo T
device identification information, and performs temporary authentication using the
identification number for first connection (Berdy: par. 48-49, 62-63; modified by Hughes
to validate the access code (identification number). Hughes: par. 23, 27- 28; and as
outlined above), and
 	a provision unit that provides, to the terminal device, a parameter file including a
predetermined identifier for uniquely identifying a connection between the terminal
device and the server device of which mutual authenticity is guaranteed by the
temporary authentication, and the connection destination information regarding a
connection destination of the server device (Berdy: par. 51-53, 65-67; The server device
"creates a separate [local] ID for loT device 441" (predetermined identifier) to identify
the terminal (loT) device during communication sessions, and communicates
"cryptographic information" (parameter file) to the terminal (loT) device. "The
cryptographic information may also include credentials, the hostname of the selected
loT hub 451, connectivity information required for loT device 441 to connect with loT
hub 451 ", such that subsequently, "communications between loT device 441 and loT
hub 451 may occur directly and in a normal fashion", where all connections with the server are secured (Berdy: par. 23). In the aforementioned, the credentials correspond
to the access code of Hughes (above), have an expiration time and read on a timed
identification number. In view of Hughes (par. 22-25; also implied by Berdy above), the
cryptographic information includes the session keys).
 	the terminal device includes
 	a request unit that accesses the server device specified by the connection
destination information in the parameter file, and requests issuance of a timed
identification number (The connection request by the terminal device above, which in
view of Berdy is also a request for the cryptographic information, including credentials
(timed identification number), where the connection destination information is also
included in the cryptographic information (parameter file)), and
 	a transmission unit that transmits the predetermined identifier and the timed identification number to the server device when connecting to the server device specified by the connection destination information in the parameter file (Hughes: par. 31; "The module and the network can then use the new keys [in the cryptographic information, per Berdy] to secure data communication between them". In view of Berdy (above), the separate (local) ID of the terminal (loT) device (predetermined identifier) and the credentials (timed identification number) are also transmitted to identify/authenticate the terminal (loT) device), and
 	the server device includes
 	an identification number issuing unit that issues the timed identification number in
response to the request of the issuance of the timed identification number from the
terminal device (the credentials are issued as outlined above), and
 	an authentication unit that identifies a connection relationship with the terminal
device using the predetermined identifier and the timed identification number, and
authenticates an authenticity of the identified connection relationship (The
separate ID (predetermined identifier) and the credentials (timed identification) are validated as outlined above. That is, Berdy: par. 51-52, “By creating a separate ID for 
IoT device 441, IoT hub has an ID for IoT device 441 that maps to IoT device 
441 so that IoT hub 451 can properly communicate with IoT device 441” to identify
the terminal (loT) device during communication sessions, and communicates
"cryptographic information" (parameter file) to the terminal (loT) device. "The
cryptographic information may also include credentials, the hostname of the selected
loT hub 451, connectivity information required for loT device 441 to connect with loT
hub 451").

 	Regarding claims 2 and 3, the rejection of claim 1 under 35 U.S.C 103 is
incorporated herein. In addition, Berdy in view of Hughes discloses:
 	(2) The provision unit holds the parameter file in a download area dedicated for
the terminal device, and provides the parameter file to the terminal device (The
cryptographic information (parameter file) is downloaded to the terminal (loT) device, as
outlined for the rejection of claim 1. Hence, the cryptographic information is at least
temporarily held in a dedicated buffer in memory/storage).
 	(3) The terminal device further includes a data collation unit that is configured to
in a case where first data is transmitted to the server device, notify a hash value of the
first data as a first hash value to the server device, and transmit the first data to which
the first hash value is assigned to the server device, and in a case where second data
and second hash value transmitted from the server device are received, collate a hash
value assigned to the second data with the second hash value, and acquire the second
data according to a collation result (The (new) session keys are used to encrypt/decrypt
data exchanged during the session (Hughes: e.g. Fig. 3). With respect to the hash
value, Examiner takes official notice, in that protecting data integrity via hashing the data was well-known and commonly used in the art. IPsec and TLS/SSL are example
protocols that provide data integrity via hashing and are well documented in respective
IEEE RFCs. In summary, a sender of data generates a hash over transmitted data and
transmits the data and the hash to a receiver. The receiver re-computes the hash over
received data and compares the re-computed hash with the received hash to determine
whether the received data is corrupted or not. If the data is corrupted, the data is
discarded. One would have been motivated to do so to protect the data integrity to
provide security for the exchanged data).

 	Regarding claim 4, it corresponds to the functionality of the terminal device of
claim 1, and claim 4 does not disclose beyond the features of claim 1. Therefore, claim
4 is rejected for the same reasons outlined for the rejection of claim 1.

 	Regarding claim 5, it corresponds to the functionality of the server device of
claim 1, and claim 5 does not disclose beyond the features of claim 1. Therefore, claim
5 is rejected for the same reasons outlined for the rejection of claim 1.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Inquiry communication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994.  The examiner can normally be reached on Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRI M TRAN/Primary Examiner, Art Unit 2432