DETAILED ACTION
This action is in response to new application filed 11/11/2020 titled “Devices, Systems, and Processes For Authenticating Devices”.  Claims 1-20 were received for consideration are pending.

Priority
Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 119(a)-(d).  The certified copy has been received.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/11/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 7 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 7 recites the limitation "the user data" in line 2.  There is insufficient antecedent basis for this limitation in the claim. 

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1-18 of U.S. Patent No. 10,869,194. Although the claims at issue are not identical, they are not patentably distinct from each other because each and every element of the above independent claims 1, 13 and 18 of the present application is broader and therefore anticipated by the corresponding independent claim 1, 12 and 18 of U.S. Patent No. 10,869,194.
17/095509 Claim 1
10,869,194 claim 1
A process comprising: 











at a first device, establishing a hub link with a second device; 

establishing an electronic data connection between an IoT device and a hub; 


sending, by the hub, an initial authentication signal; 

randomly generating at least two perceptible components; 

wherein the initial authentication signal includes a cryptologic component and at least two perceptible components; 


wherein the cryptological component includes a public key of a public key-private key keychain; 

wherein at least one of the at least two perceptible components is an identifying perceptible component; 

wherein at least one of the at least two perceptible components is a randomly generated identifying perceptible component; and 

sending, over the hub link, an initial authentication signal that includes the identifying perceptible component and a second perceptible component;
wherein the randomly generated identifying perceptible component includes at least two icons; 



receiving, by the hub, a responsive message; 

receiving, over the hub link, a responsive message from the second device; 

wherein the responsive message is secured, prior to transmission by the IoT device, by the cryptologic component by the private key for the public key-private key keychain; and 

determining whether the responsive message includes a selection of the identifying perceptible component; and 

determining, by the hub, whether the selection includes the randomly generated identifying perceptible component; and 

when a result of the determining is affirmative, establishing an authenticated session over the hub link between the first device and the second device.
if the result of the determining step is affirmative, establishing an authenticated session between the hub and the IoT device.


17/095509 Claim 13
10,869,194 claim 12
A hub comprising: 



























a data storage device; and 

a communications module operable using at least one of a short-range communications technology, an intermediate range communication technology; and a long range communications technology; and 

a processor configured to execute computer readable instructions for establishing an authenticated session between the hub device and an IoT device; 

an input/output module, coupled to the processor; 

a security module, coupled to the processor; 

a communications module, coupled to the processor; 

wherein the data storage device stores non-transitory hardware processor executable instructions instructing the hub to: 

a storage module, coupled to the processor, configured to store the computer readable instructions; 


wherein the computer readable instructions include the operations of: 

establish a hub link between the hub and a first device; 

establishing, via the communications module, an electronic data connection between an IoT device and the hub device; 

send, to the first device and over the hub link, an initial authentication signal that includes the identifying perceptible component and a second perceptible component; 

sending, via the communications module, an initial authentication signal; 

wherein at least one of the at least two perceptible components is an identifying perceptible component; 


wherein the initial authentication signal includes a cryptologic component generated by the security module and a randomly generated identifying perceptible component; 


wherein the cryptological component includes a public key of a public key-private key keychain; 



wherein the randomly generated identifying perceptible component includes at least two icons; 

receive, from the first device and over the hub link, a responsive message; 

receiving, via the communications module, a responsive message; 


wherein the responsive message is secured, prior to transmission by the IoT device, by using the private key for the public key-private key keychain of the cryptologic component; and 

determine whether the responsive message includes a selection of the identifying perceptible component; and 

wherein the responsive message includes a selection of a unique identifying icon selected from the at least two icons of the randomly generated identifying perceptible component and a unique identifying keyword; 


decrypting, using the security module, the responsive message; and 


determining, by the processor, whether the selection includes the randomly generated identifying perceptible component; and 


when a result of the determining is affirmative, establish an authenticated session between the hub and the first device.
if the result of the determining step is affirmative, establishing an authenticated session between the hub device and the IoT device; and 


outputting, using the input/output module, a humanly perceptible signal indicating the authenticated session is established.


17/095509 Claim 18
10,869,194 claim 18
A non-transitory computer processor readable data storage medium comprising:

hardware processor executable instructions which, when executed by a hardware processor in a hub, establish an authenticated session between the hub and a first device by facilitating operations including: 




















establishing an electronic data connection between the IoT device and the hub; 


receiving from the hub an initial authentication signal; 

randomly generating, by the hub, at least two perceptible components; 

wherein the initial authentication signal includes a cryptologic component and at least two perceptible components; 


wherein the cryptological component includes a public key of a public key--private key keychain; 

wherein at least one of the at least two perceptible components is an identifying perceptible component; 

wherein at least one of the at least two perceptible components is a randomly generated identifying perceptible component; 


wherein the randomly generated identifying perceptible component includes at least two icons; 

sending, by the hub and over the hub link, an initial authentication signal that includes the identifying perceptible component and a second perceptible component; 

receiving by the hub, from the first device, and over the hub link a responsive message; 

outputting a responsive message secured by the private key of the cryptologic component and including a selection, by a user of the IoT device, of the randomly generated identifying perceptible component; and 

determining, by the hub, whether the responsive message includes a selection of the identifying perceptible component; and 

when a result of the determining is affirmative, establishing an authenticated session over the hub link between the hub and the first device.
upon a determination by the hub that the responsive message includes a selection of a unique identifying icon selected from at least two icons of the randomly generated identifying perceptible component and a unique identifying keyword, and an establishment of an authenticated session between the hub and the IoT device;


requesting session data from at least one of the hub and a third-party service provider via the authenticated session between the hub and the IoT device; 


wherein the session data includes data provided by at least one of a streaming video service provider, a web service provider, and a data service provider.



Claim Rejections - 35 USC § 103
Claims 1, 3, 8, 10-13, 15, 16, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Askar (US 10,291,477) in view of Alexander et al (2010/0043062).
With respect to claim 1 Askar teaches a process comprising: 
at a first device (see Askar figure 4 step 2 and column 10 lines 54-59 i.e. In step 2, an loT device 420 may establish a local area network (LAN) connection with the hub device 430),
establishing a hub link with a second device (see Askar figure 4 step 2 and column 10 lines 54-59 i.e. In step 2, an loT device 420 may establish a local area network (LAN) connection with the hub device 430. The loT device 420 may be preconfigured with hub connection information. The hub connection information may include a service set identifier (SSID) associated with the hub device 430 and instructions to connect to the hub device 430); 
wherein at least one perceptible components is an identifying perceptible component (see Askar figure 4 step 5 and column 11 lines 49-55 i.e. a security token); 
sending, over the hub link, an initial authentication signal that includes the identifying perceptible component (see Askar figure 4 step 5 and column 11 lines 49-55 
receiving, over the hub link, a responsive message from the second device (see Askar column 11 lines 4-15 i.e. After the connection is established between the loT device 420 and the hub device 430, subsequent communications between the loT device 420 and the hub device 430 may be encrypted for security purposes. The communications between the loT device 420 and the hub device 430 may be encrypted using security keys. The security keys may be derived based on various types of information (e.g., the SSID, loT device information) known to the loT device 420 and/or the hub device 430); 
determining whether the responsive message includes a selection of the identifying perceptible component (see Askar column 12 lines 24-31 i.e. In step 8, the hub device 430 may determine whether the security token included in the request for service registration corresponds to the security token previously provided from the hub device 430 to the loT device 420 (in step 5)). If so, the hub device 430 may authenticate the loT device 420. In other words, the hub device 430 may authenticate the loT device 420 based on the security token received from the loT device 420); and 
when a result of the determining is affirmative, establishing an authenticated session over the hub link between the first device and the second device (see Askar figure 4 step 10 and column 12 lines 45-60 i.e. The IoT service 440 may verify the dedicated security certificate and setup the connection with the IoT device 420. After the connection is established, the IoT device 420 may securely communicate IoT device data to the IoT service 440. The IoT device 420 may perform the IoT device data 
Askar does not teach randomly generating at least two perceptible components; wherein the initial authentication signal includes a second perceptible components.
Alexander teaches randomly generating at least two perceptible components; wherein the initial authentication signal includes a second perceptible components (see Alexander paragraph 0072-0074 i.e. In some embodiments, image-based authentication may include generating a graphical display, such as an image grid, that may display images from different categories, including at least one preselected authentication category. The location of the categories in the graphical display may be randomized. The specific image for each category may be chosen randomly from a database of images for that specific category. Each image can be overlaid with a randomly generated image identifier. The user may select or input the image identifiers (or password elements) corresponding to the images or icons selected within the arrangement. Selected image identifiers can then be communicated by the client system to the server system. The server system can compare the user selected image identifiers relative to a reference password, and further analyze related information with any other associated authentication data that may be stored in a memory within the 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Alexander to include the graphic authentication of Alexander of transmitting a sequence of images that include both images that were initially registered, and other images that are not registered and having the user/device identify those images that he had previously registered to the authentication of Askar to increase the security of the authentication by ensuring correlation between the selected image with the preselected imags (see Alexander paragraph 0074).

With respect to claim 3 Askar teaches the process of claim 1, wherein the first device is a hub; and wherein the second device is an Internet-of-things (IoT) device (see Askar figure 4 step 2 and column 10 lines 54-59 i.e. In step 2, an loT device 420 may establish a local area network (LAN) connection with the hub device 430).

With respect to claim 8 Askar teaches the process of claim 1, further comprising: at the first device, receiving, from the second device and over the hub link, a cryptological component securing the responsive message; and decrypting the responsive message based on the cryptological component (see Askar column 11 lines 4-15 i.e. After the connection is established between the loT device 420 and the hub device 430, subsequent communications between the loT device 420 and the hub device 430 may be encrypted for security purposes. The communications between the 

With respect to claim 10 Askar teaches the process of claim 1, further comprising: at the first device, communicatively couple, via an external hub link, the second device with a third device (see Askar figure 4 step 10 and column 12 lines 45-60 i.e. The IoT service 440 may verify the dedicated security certificate and setup the connection with the IoT device 420. After the connection is established, the IoT device 420 may securely communicate IoT device data to the IoT service 440. The IoT device 420 may perform the IoT device data communications in accordance with a message queue telemetry transport (MQTT) protocol, which may be used as a lightweight messaging protocol for use on top of a transmission control protocol (TCP)/Internet Protocol (IP) protocol. The IoT device 420 may communicate the IoT device data directly to the IoT service 440, or alternatively, the IoT device may communicate the IoT device data to the IoT service 440 via the hub device 430).

With respect to claim 11 Askar teaches the process of claim 10, wherein the external hub link utilizes, in a first part, the hub link to connect the first device with the second device and, in a second part, a second hub link to connect the first device with the third device (see Askar figure 4 step 10 and column 12 lines 45-60 i.e. The IoT service 440 may verify the dedicated security certificate and setup the connection with the IoT device 420. After the connection is established, the IoT device 420 may securely 

With respect to claim 12 Askar teaches the process of claim 11, wherein the third device is at least one of data source, a satellite service provide, a terrestrial service provider, a streaming server, a web server, and a service provider (see Askar column 4 lines 17-22 i.e. The lol devices 140 may establish a connection with an loT service 115, such as an application for managing the environment in the factory, and then the loT devices 140 may periodically upload loT device data (e.g., temperature data, humidity data, and air flow data) to the loT service 115).

With respect to claim 13 Askar teaches a hub comprising: 
a hardware processor (see Askar column 17 lines 12-39 i.e. The processor 812 may represent multiple processors and the memory 820 may represent multiple memory units that operate in parallel to the processing circuits. This may provide parallel processing channels for the processes and data in the system. The local interface 818 may be used as a network to facilitate communication between any of the multiple processors and multiple memories); 

a communications module operable using at least one of a short-range communications technology, an intermediate range communication technology; and a long range communications technology (See Askar column 7 lines 52-59 i.e. The network 250 may include any useful computing network, including an intranet, the Internet, a local area network, a wide area network, a wireless data network, or any other such network or combination thereof. Components utilized for such a system may depend at least in part upon the type of network and/or environment selected. Communication over the network may be enabled by wired or wireless connections and combinations thereof); and 
wherein the data storage device stores non-transitory hardware processor executable instructions instructing the hub to: 
establishing a hub link the hub and a first device (see Askar figure 4 step 2 and column 10 lines 54-59 i.e. In step 2, an loT device 420 may establish a local area network (LAN) connection with the hub device 430. The loT device 420 may be preconfigured with hub connection information. The hub connection information may include a service set identifier (SSID) associated with the hub device 430 and instructions to connect to the hub device 430); 

send, to the first device and over the hub link, an initial authentication signal that includes the identifying perceptible component (see Askar figure 4 step 5 and column 11 lines 49-55 i.e. In step 5, the hub device 430 may provide a security token to the loT device 420 after the request for hub registration is validated at the hub device 430);
receive, from the first device and over the hub link, a responsive message (see Askar column 11 lines 4-15 i.e. After the connection is established between the loT device 420 and the hub device 430, subsequent communications between the loT device 420 and the hub device 430 may be encrypted for security purposes. The communications between the loT device 420 and the hub device 430 may be encrypted using security keys. The security keys may be derived based on various types of information (e.g., the SSID, loT device information) known to the loT device 420 and/or the hub device 430); 
determine whether the responsive message includes a selection of the identifying perceptible component (see Askar column 12 lines 24-31 i.e. In step 8, the hub device 430 may determine whether the security token included in the request for service registration corresponds to the security token previously provided from the hub device 430 to the loT device 420 (in step 5)). If so, the hub device 430 may authenticate the loT device 420. In other words, the hub device 430 may authenticate the loT device 420 based on the security token received from the loT device 420); and 
when a result of the determining is affirmative, establishing an authenticated session over the hub link between the first device and the second device (see Askar 
Askar does not teach randomly generating at least two perceptible components; wherein the initial authentication signal includes a second perceptible components.
Alexander teaches randomly generating at least two perceptible components; wherein the initial authentication signal includes a second perceptible components (see Alexander paragraph 0072-0074 i.e. In some embodiments, image-based authentication may include generating a graphical display, such as an image grid, that may display images from different categories, including at least one preselected authentication category. The location of the categories in the graphical display may be randomized. The specific image for each category may be chosen randomly from a database of images for that specific category. Each image can be overlaid with a randomly generated image identifier. The user may select or input the image identifiers (or password elements) corresponding to the images or icons selected within the arrangement. Selected image identifiers can then be communicated by the client 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Alexander to include the graphic authentication of Alexander of transmitting a sequence of images that include both images that were initially registered, and other images that are not registered and having the user/device identify those images that he had previously registered to the authentication of Askar to increase the security of the authentication by ensuring correlation between the selected image with the preselected imags (see Alexander paragraph 0074).

With respect to claim 15 Askar teaches the hub of claim 14, wherein the non-transitory hardware processor executable instructions further instruct the hardware processor to: receive, from the first device and over the hub link, a cryptological component securing the responsive message; and decrypt the responsive message based on the cryptological component (see Askar column 11 lines 4-15 i.e. After the connection is established between the loT device 420 and the hub device 430, subsequent communications between the loT device 420 and the hub device 430 may be encrypted for security purposes. The communications between the loT device 420 and the hub device 430 may be encrypted using security keys. The security keys may 

With respect to claim 16 Askar teaches the hub of claim 14, wherein the non-transitory hardware processor executable instructions are further operable to instruct the hub to: communicatively couple, via an external hub link, the first device with a second device; wherein the external hub link utilizes, in a first part, the hub link connecting the first device with the hub and, in a second part, a second hub link to connect the hub with the second device (see Askar figure 4 step 10 and column 12 lines 45-60 i.e. The IoT service 440 may verify the dedicated security certificate and setup the connection with the IoT device 420. After the connection is established, the IoT device 420 may securely communicate IoT device data to the IoT service 440. The IoT device 420 may perform the IoT device data communications in accordance with a message queue telemetry transport (MQTT) protocol, which may be used as a lightweight messaging protocol for use on top of a transmission control protocol (TCP)/Internet Protocol (IP) protocol. The IoT device 420 may communicate the IoT device data directly to the IoT service 440, or alternatively, the IoT device may communicate the IoT device data to the IoT service 440 via the hub device 430); and wherein the second device is at least one of data source, a satellite service provider, a terrestrial service provider, a streaming server, a web server, and an Internet service provider (see Askar column 4 lines 17-22 i.e. The lol devices 140 may establish a connection with an loT service 115, such as an application for managing the environment in the factory, and then the loT devices 140 may periodically upload loT 


With respect to claim 18 Askar teaches a non-transitory computer processor readable data storage medium comprising: 
hardware processor executable instructions which, when executed by a hardware processor in a hub (see Askar column 17 lines 13-33 i.e. The components or modules that are shown as being stored in the memory device 820 may be executed by the processor 812. The term "executable" may mean a program file that is in a form that may be executed by a processor 812), establish an authenticated session between the hub and a first device by facilitating operations including: 
establishing, by the hub, a hub link with the first device (see Askar figure 4 step 2 and column 10 lines 54-59 i.e. In step 2, an loT device 420 may establish a local area network (LAN) connection with the hub device 430. The loT device 420 may be preconfigured with hub connection information. The hub connection information may include a service set identifier (SSID) associated with the hub device 430 and instructions to connect to the hub device 430); 
wherein at least one perceptible components is an identifying perceptible component (see Askar figure 4 step 5 and column 11 lines 49-55 i.e. a security token); 
sending, over the hub link, an initial authentication signal that includes the identifying perceptible component (see Askar figure 4 step 5 and column 11 lines 49-55 
receiving, over the hub link, a responsive message from the second device (see Askar column 11 lines 4-15 i.e. After the connection is established between the loT device 420 and the hub device 430, subsequent communications between the loT device 420 and the hub device 430 may be encrypted for security purposes. The communications between the loT device 420 and the hub device 430 may be encrypted using security keys. The security keys may be derived based on various types of information (e.g., the SSID, loT device information) known to the loT device 420 and/or the hub device 430); 
determining whether the responsive message includes a selection of the identifying perceptible component (see Askar column 12 lines 24-31 i.e. In step 8, the hub device 430 may determine whether the security token included in the request for service registration corresponds to the security token previously provided from the hub device 430 to the loT device 420 (in step 5)). If so, the hub device 430 may authenticate the loT device 420. In other words, the hub device 430 may authenticate the loT device 420 based on the security token received from the loT device 420); and 
when a result of the determining is affirmative, establishing an authenticated session over the hub link between the first device and the second device (see Askar figure 4 step 10 and column 12 lines 45-60 i.e. The IoT service 440 may verify the dedicated security certificate and setup the connection with the IoT device 420. After the connection is established, the IoT device 420 may securely communicate IoT device data to the IoT service 440. The IoT device 420 may perform the IoT device data 
Askar does not teach randomly generating at least two perceptible components; wherein the initial authentication signal includes a second perceptible components.
Alexander teaches randomly generating at least two perceptible components; wherein the initial authentication signal includes a second perceptible components (see Alexander paragraph 0072-0074 i.e. In some embodiments, image-based authentication may include generating a graphical display, such as an image grid, that may display images from different categories, including at least one preselected authentication category. The location of the categories in the graphical display may be randomized. The specific image for each category may be chosen randomly from a database of images for that specific category. Each image can be overlaid with a randomly generated image identifier. The user may select or input the image identifiers (or password elements) corresponding to the images or icons selected within the arrangement. Selected image identifiers can then be communicated by the client system to the server system. The server system can compare the user selected image identifiers relative to a reference password, and further analyze related information with any other associated authentication data that may be stored in a memory within the 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Alexander to include the graphic authentication of Alexander of transmitting a sequence of images that include both images that were initially registered, and other images that are not registered and having the user/device identify those images that he had previously registered to the authentication of Askar to increase the security of the authentication by ensuring correlation between the selected image with the preselected imags (see Alexander paragraph 0074).

With respect to claim 20 Askar teaches the non-transitory computer processor readable medium of claim 18, wherein the hardware processor executable instructions further facilitate operations comprising: communicatively coupling the first device with at least one of data source, a satellite service provide, a terrestrial service provider, a streaming server, a web server, and a service provider (see Askar column 4 lines 17-22 i.e. The lol devices 140 may establish a connection with an loT service 115, such as an application for managing the environment in the factory, and then the loT devices 140 may periodically upload loT device data (e.g., temperature data, humidity data, and air flow data) to the loT service 115).

Claims 4, 5, 7, 9 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Askar (US 10,291,477) in view of Alexander et al (2010/0043062) in view of 
With respect to claim 4 Askar teaches the process of claim 1, but does not disclose wherein at least one of the at least two perceptible components includes at least one of a uniquely identifying sound, a uniquely identifying sequence of two or more sounds, and a uniquely identifying Morris code pattern that includes two or more sounds.
Findling teaches wherein at least one of the at least two perceptible components includes at least one of a uniquely identifying sound, a uniquely identifying sequence of two or more sounds, and a uniquely identifying Morris code pattern that includes two or more sounds (see Findling section Device-to-User Authentication Approaches i.e. Sound, Analogous to using visual information, authentication information can be revealed via sound, For example, HAPADEP [15] uses a human recognizable MI codec transporting 240 bits of information in 3.45 (70 b/s}, which seams sufficient for DOU authentication tasks).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Findling to have used sound as one of many ways to provide mobile device-to-user (D2U) authentication (see Findling section Device-to-User Authentication Approaches / Sound). Therefore one would have been motivated to have sound as a way to provide mobile device-to-user (D2U) authentication.

	

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Findling to have used a uniquely identifying vibration pattern as a way to provide mobile device-to-user (D2U) authentication as one D2U feedback channel that is unobtrusive and hard to eavesdrop since a user study estimated vibration pattern recognition using a setup of 7 bits per second (b/s) that users are able to distinguish vibration correctness of 97.5 percent (See Findling Abstract). Therefore one would have been motivated to have used identifying vibration pattern as a way to provide mobile device-to-user (D2U) authentication.

With respect to claim 7 Askar teaches the process of claim 5, but does not disclose wherein the user data includes at least one of a fingerprint, a password, a pin, and a pattern.
Findling teaches wherein the user data includes at least one of a fingerprint, a password, a pin, and a pattern (see abstract i.e. Users usually authenticate to mobile devices before using thern (e.g. PIN, password)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Findling to have used a 

With respect to claim 9 Askar teaches the process of claim 1, but does not disclose further comprising: before sending the authentication signal, presenting, by the first device and in a humanly perceptible form, the identifying perceptible component to a user of the second device.
Findling teaches further comprising: before sending the authentication signal, presenting, by the first device and in a humanly perceptible form, the identifying perceptible component to a user of the second device (see Findling section Device-to-User Authentication Approaches i.e. Sound, Analogous to using visual information, authentication information can be revealed via sound, For example, HAPADEP [15] uses a human recognizable MI codec transporting 240 bits of information in 3.45 (70 b/s}, which seams sufficient for DOU authentication tasks).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Findling to have used a uniquely identifying vibration pattern as a way to provide mobile device-to-user (D2U) authentication as one D2U feedback channel that is unobtrusive and hard to eavesdrop since a user study estimated vibration pattern recognition using a setup of 7 bits per second (b/s) that users are able to distinguish vibration correctness of 97.5 percent (See Findling Abstract). Therefore one would have been motivated to have used 

With respect to claim 14 Askar teaches the hub of claim 13, but does not disclose wherein at least one of the at least two perceptible components includes at least one of: a uniquely identifying sound; a uniquely identifying sequence of two or more sounds; a uniquely identifying Morris code pattern that includes two or more sounds; a uniquely identifying vibration pattern; a uniquely identifying vibration frequency; and a uniquely identifying Morris code pattern that includes two or more vibrations. 
Findling teraches wherein at least one of the at least two perceptible components includes at least one of: a uniquely identifying sound; a uniquely identifying sequence of two or more sounds; a uniquely identifying Morris code pattern that includes two or more sounds; a uniquely identifying vibration pattern; a uniquely identifying vibration frequency; and a uniquely identifying Morris code pattern that includes two or more vibrations (see Findling section Device-to-User Authentication Approaches i.e. Sound, Analogous to using visual information, authentication information can be revealed via sound, For example, HAPADEP [15] uses a human recognizable MI codec transporting 240 bits of information in 3.45 (70 b/s}, which seams sufficient for DOU authentication tasks).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Findling to have used a uniquely identifying vibration pattern as a way to provide mobile device-to-user (D2U) authentication as one D2U feedback channel that is unobtrusive and hard to eavesdrop .

Claims 2, 6, 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Askar (US 10,291,477) in view of Alexander et al (2010/0043062) in view of Song et al (US 2015/0334554).
With respect to claim 2 Askar teaches the process of claim 1, wherein the hub link is established using at least one of the short range communications technology, an intermediate range communications technology, and a long range communications technology (see Askar column 7 lines 52-59 i.e. The network 250 may include any useful computing network, including an intranet, the Internet, a local area network, a wide area network, a wireless data network, or any other such network or combination thereof. Components utilized for such a system may depend at least in part upon the type of network and/or environment selected. Communication over the network may be enabled by wired or wireless connections and combinations thereof).
	Askar does not teach establishing a first connection between the first device and the second device; wherein a first connection is established before the hub link is established; wherein the first connection is established using short range communications technology.


With respect to claim 6 Asker teaches the process of claim 1, but does not disclose further comprising: at the first device, receiving, from the second device and over the hub link, user data uniquely identifying an intended user of the second device for the authenticated session; and determining whether the intended user is authorized for the authenticated session. 
	Song teaches further comprising: at the first device, receiving, from the second device and over the hub link, user data uniquely identifying an intended user of the second device for the authenticated session; and determining whether the intended user is authorized for the authenticated session (see Song paragraph 0385 i.e. Among the service providers, the smart home service provider 2850 may authenticate the user 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Song to have the smart home service provider authenticate the user information received from the user in order to user authenticated control of the loT devices in the home of the user (see Song paragraph 0385).

With respect to claim 17 Asker teaches the hub of claim 15, but does not disclose 17 wherein the non-transitory hardware processor executable instructions are further operable to instruct the hub to: receive from the first device and over the hub link, user data uniquely identifying an intended user of the first device for the authenticated session; and determine whether the intended user is authorized for the authenticated session.
Song teaches wherein the non-transitory hardware processor executable instructions are further operable to instruct the hub to: receive from the first device and over the hub link, user data uniquely identifying an intended user of the first device for the authenticated session; and determine whether the intended user is authorized for the authenticated session (see Song paragraph 0385 i.e. Among the service providers, 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Song to have the smart home service provider authenticate the user information received from the user in order to user authenticated control of the loT devices in the home of the user (see Song paragraph 0385).

With respect to claim 19 Asker teaches the non-transitory computer processor readable medium of claim 18, but does not disclose wherein the hardware processor executable instructions further facilitate operations comprising: receiving from the first device and over the hub link, user data uniquely identifying an intended user of the first device for the authenticated session; and determining whether the intended user is authorized for the authenticated session.
Song teaches wherein the hardware processor executable instructions further facilitate operations comprising: receiving from the first device and over the hub link, user data uniquely identifying an intended user of the first device for the authenticated session; and determining whether the intended user is authorized for the authenticated 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Song to have the smart home service provider authenticate the user information received from the user in order to user authenticated control of the loT devices in the home of the user (see Song paragraph 0385).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018.  The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M.  The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/DEVIN E ALMEIDA/Examiner, Art Unit 2492                                                                                                                                                                                                        

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492